Re: Settle Free Peering - Default Route Abuse Monitoring

[Raymond Beaudoin <raymond.beaudoin () icarustech com>]

Job,

Thanks so much for the helpful information, especially the RFC. This is
exactly what I was looking for. Have a fantastic week!


Warm Regards,
Raymond Beaudoin

On Sun, Sep 24, 2017 at 3:05 PM, Job Snijders <job () ntt net> wrote:

> Dear Raymond,
>
> On Sun, 24 Sep 2017 at 21:33, Raymond Beaudoin <
> raymond.beaudoin () icarustech com> wrote:
>
> > How is this monitored and tracked? Are ACLs applied to help enforce this
> > (seems to be limited at scale)? Flow export and alarming? Analytics and
> > anomalous behavior detection? Common professional courtesy?
>
>
> This RFC https://tools.ietf.org/html/rfc7789 covers the topic of
> “unexpected traffic flows” which is essentially the same as having default
> being pointed at you without you permission. May be worth reading!
>
> A most scalable option is to use a flow collection / monitoring program
> like pmacct (http://pmacct.net/) to inspect flows and flag the ones that
> shouldn’t exist according to your policy. Paolo Lucente has done excellent
> work to make this problem space manageable: http://wiki.pmacct.net/
> DetectingRoutingViolations
>
> Also, if you are at an internet exchange, make sure to enable MAC
> accounting (if available) on the IX facing interface, so you can easily
> monitor for traffic coming from MAC addresses with which you don’t have a
> BGP session.
>
> Kind regards,
>
> Job