24.06.19 17:44, Jared Mauch wrote:
1. Why Cloudflare did not immediately announce all their address space by /24s? This can put the service up instantly for almost all places.
They may not want to pollute the global routing table with these entries. It has a cost for everyone. If we all did this, the table would be a mess.
Yes, it is. But it is a working, quick and temporary fix of the problem.
2. Why almost all carriers did not filter the leak on their side, but waited for "a better weather on Mars" for several hours?
There’s several major issues here
- Verizon accepted garbage from their customer
- Other networks accepted the garbage from Verizon (eg: Cogent)
- known best practices from over a decade ago are not applied
That's it. We have several IXes connected, all of them had a correct aggregated route to CF. And there was one upstream that distributed leaked more specifics. I think 30min maximum is enough to find out a problem and filter out its source on their side. Almost nobody did it. Why?
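
The situation discussed in this thread, as an added example that is not part of the original message: longest-prefix match makes leaked more-specifics from one upstream win over a correct aggregate learned at IXes, and a simple check finds which neighbor to filter. The prefixes (RFC 2544 benchmarking space), neighbor names and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed routing table: (prefix, neighbor the route was learned from).
# Prefixes and neighbor names are made up for illustration.
RIB = [
    ("198.18.0.0/20", "ix-a"),         # correct aggregate via an IX
    ("198.18.0.0/20", "ix-b"),         # same aggregate via a second IX
    ("198.18.0.0/21", "upstream-x"),   # leaked more-specific
    ("198.18.8.0/21", "upstream-x"),   # leaked more-specific
    ("203.0.113.0/24", "upstream-x"),  # unrelated route, no covering aggregate
]

def parse(rib):
    return [(ipaddress.ip_network(p), n) for p, n in rib]

def best_neighbors(rib, addr):
    """Neighbors holding the longest matching prefix for addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, n) for net, n in parse(rib) if ip in net]
    if not matches:
        return set()
    longest = max(net.prefixlen for net, _ in matches)
    return {n for net, n in matches if net.prefixlen == longest}

def suspect_more_specifics(rib, trusted):
    """Per neighbor, routes that sit strictly inside an aggregate learned
    from a trusted neighbor but arrive from a different neighbor."""
    routes = parse(rib)
    aggregates = [net for net, n in routes if n in trusted]
    suspects = defaultdict(list)
    for net, n in routes:
        if n in trusted:
            continue
        if any(net.version == agg.version and net != agg and net.subnet_of(agg)
               for agg in aggregates):
            suspects[n].append(str(net))
    return dict(suspects)

def apply_filter(rib, suspects):
    """Drop only the flagged routes, keeping the neighbor's other routes."""
    return [(p, n) for p, n in rib if p not in suspects.get(n, [])]

if __name__ == "__main__":
    flagged = suspect_more_specifics(RIB, {"ix-a", "ix-b"})
    print("before filter:", best_neighbors(RIB, "198.18.1.1"))
    print("flagged:", flagged)
    print("after filter:", best_neighbors(apply_filter(RIB, flagged), "198.18.1.1"))
```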