Re: BGPMON Alert Questions

[Mark Tinka <mark.tinka () seacom mu>]

On Friday, April 04, 2014 09:58:42 AM Vitkovský Adam wrote:

> I wonder when (or if ever) we'll have such a discussion
> about data packets, i.e. finding that someone is not
> doing packet-filtering based on BGP updates is
> absolutely and unacceptably shocking!

Well, filtering in the data plane is slightly easier because 
a single subnet can cover all traffic coming from individual 
sources or going to individual destinations.

In the control plane, the industry like to filter on 
specific prefixes agreed between customer and provider, 
especially when using automated tools such as RPSL. This can 
get hairy as configurations become large, where a single 
entry with "le 24" or "le 48" could have sufficed.

On the other hand, if you're not automating control plane 
filters to some extent, it becomes messy as you get bigger.

Mark.

Attachment: signature.asc
Description: This is a digitally signed message part.