On Mon, 28 Apr 2003, McBurnett, Jim wrote:
Sean, I am not a BGP Guru by any means but as I see it: there are more than 25 /8 that should not be routed at all... And they are easily summarized.. some can be /6 or less... I never tried that.. But should work....
Just putting a static inside your network (advertised no-export of course) for 1/8 (for instance) will not solve your problem, since I can advertise 1/9 and get that traffic (inside your ASN atleast). This problem is really only solved with good filters on customer bgp session. That and a process to validate that new netblocks from customers that should be added to the filter. In the examples of Trafalgar house and the German Corp's stolen /16 from earlier last week, the hijacking was 'quickly' shutdown when the upstream providers for the 'offending' (duped or perhaps complicit) ASN's were notified of the situation. Perhaps the notification process could have been faster, or the actions from the upstreams more streamlined...