Yep agreed... We balance that by keeping the max-prefix no more than about 40% over the current prefix limit on each peer. For us it is a trade-off: accept the routes or don't send the traffic to peering. The couple of times I have seen route leaks that involved one or two routes, they were paths that worked, they were just wrong, and we ended up just throwing a prefix-list on that peer.

The thing is, one basically has to trust one's transit providers, which don't always filter well. Given this, trusting one's peers at least somewhat does not seem too out there.

John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us

-----Original Message-----
From: Martin Barry [mailto:marty@supine.com]
Sent: Monday, February 02, 2009 7:22 PM
To: nanog@nanog.org
Subject: Re: Peer Filtering

$quoted_author = "John van Oppen" ;
> Here in the US we don't bother, max-prefix covers it... It seems that
> US originated prefixes are rather sporadically entered into the routing DBs.

...and you are not worried about someone leaking a subset of routes?

I understand that most failure cases would trigger a max-prefix but a typo could allow just enough leakage to not hit max-prefix and yet still make something "important" unreachable.

cheers
marty

--
with usenet gone, we just don't teach our kids entertainment-level hyperbole any more. --Paul Vixie

http://www.merit.edu/mail.archives/nanog/2006-01/msg00593.html