On 12/Jun/15 19:12, Job Snijders wrote:
The simplest protection mechanism of all: maximum prefix limits. If you turn up a peer or customer, confirm with them how many routes you should expect, add 15% and configure that.
For peering and customers, we set a default prefix limit value for IPv4 and IPv6. We only change this if the peer/customer informs us that they will announce a lot more than what we've configured. We add some % to cover for "sudden" growth, but not too much to impact the network. For customers, we add prefix lists and AS_PATH filters as mandatory. I'm sure others do the same. It would be good if we all did. I know the largest transit providers tend to be more relaxed for various reasons. Some rely on filters generated by IRR entries, others don't. A lot more work is needed, indeed. It's not 2008 anymore... Mark.