On Wed, Aug 13, 2008 at 05:09:54PM -0400, Sean Donelan wrote:
On Wed, 13 Aug 2008, Mikael Abrahamsson wrote:
We have prefix-filters on our customer BGP sessions, so that should be fairly safe, but I see no good way of doing this towards peers as there is no uniform way of doing this, and there is no industry consensus how it should be done.
Read your peering contract with the other ISP. It should cover what to do if this happens.
What? You don't have a peering contract with the other ISP. Well, I guess there is no requirement to keep the peering session established if the peer does stuff you don't want on your network.
If it hurts when you do something, why do you keep doing it?
Two things:

1) I didn't mean to call out any specific provider, we all have challenges. Sorry to my friends at Cogent that may have been offended.

2) I think some people have been a bit too lax in enforcing their peering policies on this topic. Letting something leak for a few hours may not matter much for some small business or corner of the world. Leaking something important, or being nasty with it could be really bad. Imagine instead of spoofing some nameserver, announcing the space and being rogue long enough to push out some huge TTL. Take whitehouse.gov out for the next 30 days.. Would make life interesting. I can think of other badness to do but won't enumerate it here.

- Jared (dinner time!)

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.