25 Jun
2019
25 Jun
'19
10:12 a.m.
Hi Stephen,
I used to be a quality control engineer in my career, so I have a question to ask from the perspective of a QC guy: what is the Best Practice for minimizing, if not totally preventing, this sort of problem? Is there a "cookbook" answer to this?
As suggested by Job in the thread above, - deploy RPKI based BGP Origin validation (with invalid == reject) - apply maximum prefix limits on all EBGP sessions - ask your router vendor to comply with RFC 8212 ('default deny') - turn off your 'BGP optimizers' --> You actually don't need that at all. I survived without any optimizer. Aslo, read RFC7454 and join MANRS :) Regards, Aftab Siddiqui