Yes, very scary actually.... Human error is unavoidable - it's going to happen at times - BUT.... In our communities design, there has been times where we have missed a tag on an inbound customer for example. It scares the crap out of me to think that something like that simple mistake could cause route leakage. Thankfully, anytime it has happened it would caught pretty quickly and fixed - in the meantime the routes simply didn't leave our network (the way it should be). Obviously the scales are different between someone like ourselves and that of TATA - but the principles and common sense remain. Paul -----Original Message----- From: Richard A Steenbergen [mailto:ras@e-gerbil.net] Sent: Friday, February 25, 2011 12:52 PM To: Jared Mauch Cc: NANOG list Subject: Re: 6453 routing leaks (January and Today) On Fri, Feb 25, 2011 at 07:22:36AM -0500, Jared Mauch wrote:
Update:
I have had a source ask me to post the following:
-- snip -- The problem with route leaking was caused by specific routing platform resulting in some peer routes not being properly tagged. We are deploying additional measures to prevent this from happening in the future -- snip --
Hopefully someone learned a lesson about BGP community design, and how it should fail safe by NOT leaking if you accidentally fail to tag a route. Always require a positive match on a route to advertise to peers, not the absence of a negative match. -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)