nanog mailing list archives
Re: BGP route hijack by AS10990
From: Mark Tinka <mark.tinka () seacom com>
Date: Sat, 1 Aug 2020 22:31:47 +0200
On 1/Aug/20 20:14, Hank Nussbacher wrote:

> AS level filtering is easy. IP prefix level filtering is hard. Especially when you are in the top 200:
> https://asrank.caida.org/

Doesn't immediately make sense to me why prefix filtering is hard.

> That being said, and due to these BGP "polluters" constantly doing the same thing, wouldn't an easy fix be to use the max-prefix/prefix-limit option:
> https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/25160-bgp-maximum-prefix.html
> https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/prefix-limit-edit-protocols-bgp.html
>
> For every BGP peer, the ISP determines what the current max-prefix currently is. Then add in 2% and set the max-prefix. An errant BGP polluter would then only have limited damage to the Internet routing table. Not the greatest solution, but easy to implement via a one line change on every BGP peer.

It's about combining multiple solutions to ensure several catch-points. AS_PATH filtering, prefix filtering and max-prefix.

> Smaller ISPs can easily do it on their 10 BGP peers so as to limit damage as to what they will hear from their neighbors.

All ISPs should do this. All ISPs can.

Mark.
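The three catch-points discussed in this message (AS_PATH filtering, prefix filtering, and max-prefix set to the current count plus 2%), as an added example that is not part of the original post. The ASNs, prefixes and function names are constructed for illustration, and the max-prefix behaviour is a simplified model, not any vendor's implementation.

```python
import ipaddress

def max_prefix_limit(current_count, percent=2):
    """Peer's current prefix count plus headroom (2% in the thread), rounded up."""
    return current_count + (current_count * percent + 99) // 100

def check_peer(routes, limit, peer_asns=None, prefix_list=None):
    """Run one peer's announcements through the three catch-points.

    routes: list of (prefix, as_path); a filter left as None is not configured.
    Simplified model (assumption): max-prefix counts received routes in order
    and stops processing once the limit is exceeded.
    """
    allowed = [ipaddress.ip_network(p) for p in prefix_list or []]
    out = {"accepted": [], "as_path": [], "prefix": [], "max_prefix_tripped": False}
    for seen, (prefix, as_path) in enumerate(routes, start=1):
        if seen > limit:
            out["max_prefix_tripped"] = True
            break
        net = ipaddress.ip_network(prefix)
        if peer_asns is not None and not set(as_path) <= peer_asns:
            out["as_path"].append(prefix)   # path contains an unexpected ASN
        elif prefix_list is not None and not any(
            net.version == a.version and net.subnet_of(a) for a in allowed
        ):
            out["prefix"].append(prefix)    # prefix not registered for this peer
        else:
            out["accepted"].append(prefix)
    return out

# Constructed sample data: documentation prefixes and private-use ASNs.
PEER_ASNS = {64500, 64501}
PREFIX_LIST = ["198.51.100.0/24", "203.0.113.0/24"]
NORMAL = [("198.51.100.0/24", [64500]), ("203.0.113.0/24", [64500, 64501])]
LIMIT = max_prefix_limit(len(NORMAL))

# One unexpected prefix stays under the limit; only the prefix filter sees it.
ODD = NORMAL + [("192.0.2.0/24", [64500])]
# A burst of 20 routes carrying an ASN outside the peer's expected set.
LEAK = [(str(n), [64500, 64999]) for n in
        list(ipaddress.ip_network("100.64.0.0/16").subnets(new_prefix=24))[:20]]

if __name__ == "__main__":
    print(check_peer(ODD, LIMIT, PEER_ASNS, PREFIX_LIST))   # caught by prefix filter
    print(check_peer(LEAK, LIMIT))                          # max-prefix only
    print(check_peer(LEAK, LIMIT, PEER_ASNS, PREFIX_LIST))  # all three layers
```

With max-prefix as the only protection, the burst is cut off but the first few routes are still accepted; with all three layers none of them are.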