nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: do not filter your customers

From: Christopher Morrow <morrowc.lists () gmail com>
Date: Fri, 24 Feb 2012 16:07:28 -0500
On Fri, Feb 24, 2012 at 3:59 PM, Leo Bicknell <bicknell () ufp org> wrote:

In a message written on Fri, Feb 24, 2012 at 01:04:20PM -0700, Shane Amante wrote:

Solving for route leaks is /the/ "killer app" for BGPSEC.  I can't understand why people keep ignoring this.


Not all "leaks" are bad.

I remember when there was that undersea landside in Asia that took
out a bunch of undersea cables.  Various providers quickly did
mutual transit and other arrangements to route around the problem,
getting a number of things back up quite quickly.  These did not
match IRR records though, and likely would not have matached BGPSEC
information, at least not initially.


well.... for bgpsec so if the paths were signed, and origins signed,
why would they NOT pass BGPSEC muster?

I can see that if the IRR data didn't match up sanely
prefix-lists/filters would need some cajoling, but that likely
happened anyway in this case.

-chris
Previous By Date Next
Previous By Thread Next

Current thread: