
On Jun 12, 2015, at 1:40 PM, jim deleskie <deleskie@gmail.com> wrote:
Todd,
One of my few work "regrets" is we where not able to move this forward. There was/is lots of value in it.
There are many of us trying to tilt at these topics in various ways. I know that at $dayjob we try to keep things clean, monitor what’s going on etc.. I’m happy to dump any ASN into my leak detector stuff here that wants it: http://puck.nether.net/bgp/leakinfo.cgi it only looks for one type of thing, but with “the cloud” it’s much easier to toss feeds and compute at these things than 10-20 years ago. I’m always disappointed to find that people just “give up” at a certain scale in trying to filter things. I blame many of the vendors for not having the will to fix their BGP implementations to advertise no routes to a new peer without policy. I blame vendors for failing to train/test people on filtering routes as part of their *IE certification. If you’re an internet expert you don’t make these errors, or don’t have them occur for such a long duration. I blame vendors for selling devices route optimization that translate a regular BGP feed into a garbage feed that can cause global pollution. Many people don’t understand their IP routing “supply chain” so lines of people waiting to pay because you can’t swipe your card is the fault of many people, including the people without cash to cover their food bills. I can rant all day about this amongst other things. What have you done today to improve your routing security? - Jared