On Tue, Jun 30, 2015 at 09:44:12AM -0400, Joe Abley wrote:
On 30 Jun 2015, at 9:41, Job Snijders wrote:
In addition to the BGP community scheme, outbound as-path filters could help.
I agree, but possibly not in the case of a redistribution loop.
(We don't know that's what happened, exactly, but I thought it was worth mentioning.)
Joe, you are right. In this specific situation, for a small to medium sized network, it might be prudent to apply an outbound prefix-filter on all transit & peering sessions and thus only allowing prefixes which actually belong to downstream customers and the network itself. One could generate that prefix-list based on the network's AS-SET. I wouldn't deploy /only/ outbound prefix-filters. This method should be viewed as complementary to other methods such as the already mentioned a BGP community scheme. Kind regards, Job