nanog mailing list archives

Re: Route leak in Bangladesh


From: Jared Mauch <jared () puck Nether net>
Date: Wed, 1 Jul 2015 10:12:55 -0400

On Wed, Jul 01, 2015 at 08:25:06AM +0200, Mark Tinka wrote:


On 30/Jun/15 17:09, Job Snijders wrote:

If you are a network providing transit to the leak originator mentioned
in the above paragraph, I believe a prefix based filter could have made
a big difference.

And therein lies the secret sauce.

Given that we've had an incident like this twice in the past month, I'm
seriously concerned about the network operations of "top-tier" providers.

        I'll say we certainly try hard to mitigate these issues.  It's
hard because platitudes on this list don't cause IOS devices
to not send a full routing table by default (for example).

        I would like to see others participate in the dialog with vendors
so we don't seem to be quite an outlier with "wow, you have really
large configs".  The vendors haven't quite kept pace with the increase
in density proportional to the number of configuration lines and
it sure feels like we are the only people pushing them to improve.

        This combined with the number of devices that are doing
kinky routing to 'optimize' a network makes it more likely that
something will cause damage.  rfc1925 2.(9)a applies.

        - Jared

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

