nanog mailing list archives
Re: BGP prefix filter list
From: Ca By <cb.list6 () gmail com>
Date: Mon, 20 May 2019 18:29:37 -0700
On Mon, May 20, 2019 at 5:59 PM Seth Mattinen <sethm () rollernet us> wrote:
On 5/20/19 4:26 PM, John Kristoff wrote:On Mon, 20 May 2019 23:09:02 +0000 Seth Mattinen<sethm () rollernet us> wrote:A good start would be killing any /24 announcement where a covering aggregate exists.I wouldn't do this as a general rule. If an attacker knows networks are 1) not pointing default, 2) dropping /24's, 3) not validating the aggregates, and 4) no actual legitimate aggregate exists, (all reasonable assumptions so far for many /24's), then they have a pretty good opportunity to capture that traffic.I'm talking about the case where someone has like a /20 and announces the /20 plus every /24 it contains. I regard those as garbage announcements.
The lesson for all is — do not expect /24s to reach all edges. People have been doing this since we hit 512k routes, and will do it more often, regardless of how much shade you throw on this mailer. Like NAT, this is another way that IPv4 is buckling
Current thread:
- Re: BGP prefix filter list, (continued)
- Re: BGP prefix filter list Baldur Norddahl (May 17)
- Re: BGP prefix filter list Blake Hudson (May 17)
- Re: BGP prefix filter list Baldur Norddahl (May 18)
- Re: BGP prefix filter list Blake Hudson (May 20)
- Re: BGP prefix filter list William Herrin (May 20)
- Re: BGP prefix filter list i3D . net - Martijn Schmidt (May 20)
- Re: BGP prefix filter list Seth Mattinen (May 20)
- Re: BGP prefix filter list William Herrin (May 20)
- Message not available
- Re: BGP prefix filter list John Kristoff (May 20)
- Re: BGP prefix filter list Seth Mattinen (May 20)
- Re: BGP prefix filter list Ca By (May 20)
- Re: BGP prefix filter list Alejandro Acosta (May 21)
- Re: BGP prefix filter list Tom Beecher (May 22)
- Re: BGP prefix filter list Alejandro Acosta (May 22)
- Re: BGP prefix filter list Sabri Berisha (May 22)
- Re: BGP prefix filter list Ross Tajvar (May 22)
- Re: BGP prefix filter list Sabri Berisha (May 24)
- Re: BGP prefix filter list Mike Hammett (May 24)
- Re: BGP prefix filter list William Herrin (May 24)
- Re: BGP prefix filter list Blake Hudson (May 24)
- Re: BGP prefix filter list William Herrin (May 24)