Thanks for your help
Several of you responded earlier today with information that was helpful in resolving the problem of a bad route to one of our networks being propagated. So, collected gurus of the net, how do we keep this from happening again? We can wire down the route at the ISPs we take service from (and do), but what keeps some random person from propagating bad routes into the system and blowing away your network by accident? Surely there has been some thought given to this problem. I'm convinced today's incident wasn't malicious (at least until proven otherwise), but you can see the potential here. -jcp-
jcp@pointcast.com said:
So, collected gurus of the net, how do we keep this from happening again?
We can wire down the route at the ISPs we take service from (and do), but what keeps some random person from propagating bad routes into the system and blowing away your network by accident? Surely there has been some thought given to this problem. I'm convinced today's incident wasn't malicious (at least until proven otherwise), but you can see the potential here.
There is no easy way to fix BGP. If you got your way, then how would you ever allow multihomed sites? Just track them down and a) get them to fix it b) get their provider to filter their incoming announcements If all the ISPs, both end-node and traansit, did perfect route filtering this would never happen. It's not likely to ever be perfect, but it can be much better than it is now. Jerry
participants (2)
-
Jerry Scharf
-
Joseph C. Pistritto