nanog mailing list archives
Re: using IRR tools for BGP route filtering
From: Jessica Yu <jyy_99 () yahoo com>
Date: Fri, 23 Jun 2000 07:01:24 -0700 (PDT)
--- Danny McPherson <danny () tcb net> wrote:
I agree with this, and have seen the document, and have worked for large providers that performed prefix filtering on customers long before IOPS existed.
I know that some ISPs have been doing that but that is not good enough. The key is to have EVERY ISP do it to leave no 'holes' for bad routes to sneak in. And that's the model suggested in the paper.
However, if every ISP performed prefix-based filtering between one another, it'd be improved "a lot more". I recall more than a few instances when providers inadvertently broke other providers customers by "mis-advertising" prefixes.
Agree. The ideal situation is to filter on all interface where external routes come in i.e. filter on peers and customers. I used to work for an ISP (ANS) who filtered all its peers and managed to automatically generate router configurations including huge no. of prefix filtering lines. It did help us to dodge the disaster of AS7007 and other similar incidents. However, it does introduce a lot more work. Also, the toughest part is how often to update the filtering list so no legitimate prefixes be blocked. How big a filter list a router can handle in its configuration is something needs to be investigated since number of prefix lines will be huge for peer to peer filtering. In conclusion, the best is for ISPs to filter on peers and customers. But if they can not do that for peers, at least filter on customers. If all ISPs filter its customers, it's already a big step forward.
And if every ISP performed SA verification between one another (presumably with the same filters) it would again be improved "a lot" more. -danny
--jessica
If every ISP does prefix based filtering on its downstream customers, the integrity of theInternetrouting system will be improved a lot. Thedocumentbelow proposes such a model: http://www.iops.org/Documents/routing.html
__________________________________________________ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/
Current thread:
- Re: using IRR tools for BGP route filtering, (continued)
- Re: using IRR tools for BGP route filtering Danny McPherson (Jun 22)
- Re: using IRR tools for BGP route filtering Jeff Haas (Jun 23)
- Re: using IRR tools for BGP route filtering Mark Borchers (Jun 23)
- Re: using IRR tools for BGP route filtering Jeff Haas (Jun 23)
- Re: using IRR tools for BGP route filtering Mark Prior (Jun 25)
- Re: using IRR tools for BGP route filtering Dana Hudes (Jun 25)
- Re: using IRR tools for BGP route filtering Joe Provo - Network Architect (Jun 25)
- Re: using IRR tools for BGP route filtering Jeff Haas (Jun 23)
- Re: using IRR tools for BGP route filtering Danny McPherson (Jun 22)
- Re: using IRR tools for BGP route filtering John Fraizer (Jun 23)
- Re: using IRR tools for BGP route filtering Michael Shields (Jun 23)