nanog mailing list archives

Re: CloudFlare issues?


From: Aftab Siddiqui <aftab.siddiqui () gmail com>
Date: Wed, 26 Jun 2019 00:12:45 +1000

Hi Stephen,


I used to be a quality control engineer in my career, so I have a
question to ask from the perspective of a QC guy:  what is the Best
Practice for minimizing, if not totally preventing, this sort of
problem?  Is there a "cookbook" answer to this?


As suggested by Job in the thread above,

    - deploy RPKI based BGP Origin validation (with invalid == reject)
    - apply maximum prefix limits on all EBGP sessions
    - ask your router vendor to comply with RFC 8212 ('default deny')
    - turn off your 'BGP optimizers' --> You actually don't need that at
      all. I survived without any optimizer.

Also, read RFC 7454 and join MANRS :)

Regards,
Aftab Siddiqui
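
The first item in the list above, RPKI origin validation with invalid == reject, follows the RFC 6811 procedure; this is an added example, not part of the original message or code from anyone in the thread. The VRP table, prefixes and AS numbers are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
from collections import namedtuple

# Validated ROA Payload: covering prefix, maximum length, authorised origin AS.
VRP = namedtuple("VRP", "prefix max_length asn")

# Constructed VRP table (documentation prefixes and AS numbers, not real data).
VRPS = [
    VRP(ipaddress.ip_network("198.51.100.0/24"), 24, 64496),
    VRP(ipaddress.ip_network("203.0.113.0/24"), 24, 64497),
    VRP(ipaddress.ip_network("2001:db8::/32"), 48, 64496),
]


def validate_origin(route_prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'notfound' per RFC 6811."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        # A VRP covers the route when the route is equal to or inside its prefix.
        if vrp.prefix.version != route.version or not route.subnet_of(vrp.prefix):
            continue
        covered = True
        # A match needs the same origin AS and a length within maxLength.
        # AS 0 in a VRP never matches any route.
        if vrp.asn != 0 and vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered but never matched: wrong origin, or more specific than allowed.
    return "invalid" if covered else "notfound"


def accept_route(route_prefix, origin_asn, vrps=VRPS):
    """Import policy 'invalid == reject': drop invalid, keep valid and notfound."""
    return validate_origin(route_prefix, origin_asn, vrps) != "invalid"


if __name__ == "__main__":
    announcements = [  # constructed sample announcements
        ("198.51.100.0/24", 64496),   # exact match
        ("198.51.100.0/25", 64496),   # more specific than maxLength
        ("203.0.113.0/24", 64511),    # wrong origin AS
        ("192.0.2.0/24", 64500),      # no covering VRP
    ]
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn)
        print(f"{prefix:18} AS{asn:<6} {state:9} accept={accept_route(prefix, asn)}")
```

A route with no covering VRP is notfound and still accepted, so origin validation complements the maximum prefix limits in the list rather than replacing them.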
