Whats a tier 1?? ps: follow the AS path, call AS's in the path from the bad announcment. Get the peers to stop receiving it. it might be wack-a-mole, but thats part of the job.. On Tue, Aug 06, 2002 at 02:59:15PM -0400, Phil Rosenthal wrote:
Yes, it is lovely when things work out like that. My one experience with this problem was with Telia announcing my more specifics, and their US NOC referred me to their Europe NOC, and there no one spoke English. They are a tier1, so they don't have any upstream to call. It took 20 phone calls and more than an hour to get to someone who cared enough to do anything about it.
--Phil
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Derek Samford Sent: Tuesday, August 06, 2002 2:51 PM To: pr@isprime.com; 'E.B. Dreger'; nanog@merit.edu Subject: RE: Deaggregating for emergency purposes
Phil, You would think, after hearing about 30 people with clue+++ talk, you may realize that this is a patently *bad* thing and should not be done. If your route's are being hijacked you can generally solve your problems in 2-5 phone calls...That's all it's *ever* taken me. 1. Call their NOC. 2. If not helpful call their upstream. 3. Call a couple of Tier 1's who are transit for their upstream, and have them filter it. Done deal, in the time that you've managed to call your ISP and (maybe) gotten about half the internet to reach you, you've solved the problem for the whole net and have ZERO reachability concerns. This is my first and last post to this ridiculous thread.
Derek
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Phil Rosenthal Sent: Tuesday, August 06, 2002 2:44 PM To: 'E.B. Dreger'; nanog@merit.edu Subject: RE: Deaggregating for emergency purposes
--- So explain how this is superior to DNS entr(y|ies) stating who your peers and upstreams are. And there's nothing to say that one could not specify allowed filters in DNS, too.
If someone wants me to advertise 192.168.7/24, and DNS indicates the proper netblock is 192.168.0/19 and their ASN is not origin or adjacent hop, I'll be suspicious. What I do from there becomes a policy question; I probably would contact the IP block owner to verify the request. ---
My way isn't superior at all to a secure BGP solution, but until that exists, I need a choice.
I am definitely on the bandwagon for the need for a secure BGP.
--Phil