Jared Mauch writes:
No really, the reason for some leaks isn't because so-and-so was never a customer, they were. 5 years ago. nobody removed the routes from the IRR or AS-SET or <insert method here> and now the route is learned via some other location and it's bypassed your perimiter security and infiltrated your BGP.
The issue of cleaning up legacy state for former customers applies to many things beyond route announcements - though the latter may be one of the more visible remnants. I suspect relatively few companies can accurately and completely track the state associated with a customer such that it can be removed once the customer billing stops. (Or they stop paying.) This really needs to be automated and the backend databases need a way to associate records with particular billing entities, or else you will find yourself slowly cleaning up after past customers at inconvenient moments for years. Joe