I hate to say it, but there are, uh, instances, where AS filtering would not come close to being enough. For example, if you had an IGP involved that runs between two border routers, and the external table from one router somehow gets redistributed into the IGP and then picked up by the other and gets passed on, all the routes go out *without any previous AS path information*. -The pain now surfaces- Further, if you have one of these new fancy rotuing switches that essentially runs a different routing process on each blade (gee, like the BNx platforms from Bay used to do) you could (theoretically of course) have a pair of such blades do what I described above all in one box! The bottom line is that what happened last week end happened to us two years ago, and to PSI the year before that. This is not a new problem. Unless you are using the routing registries, which can get to be a royal pain in the ass, we are all somewhat dependant on our fellow will filter their outbound announcements appropriately. -vb
-----Original Message----- From: Sanjay Dani [mailto:sanjay@professionals.com] Sent: Wednesday, October 28, 1998 2:57 AM To: vbono@comstor.com Cc: nanog@merit.edu Subject: Re: Route Leaks
I'd like to propose a simple solution to the class of route leak we've recently seen. I'd like to encourage our peers to put a simple filter in place. If you peer with AS 3561, please do not accept any route with AS 3561 in the path from either your customers or your other peers.
I feel almost silly to point out a simple solution, an extension of the above, to the smart crowd here. But doesn't every one at the very least filter routes from peers/customers to reject ASes 701, 3561, 1, 1239 et al. (unless of course the peer is one of them). Minimizes the damage right away. Of course, not as tight as using routing registries. Has saved us a few times.
Now that is a positive side to the industry with a handful few huge, transit-free, players. Just watch the mergers and acquisitions news to stay current :-)
-- Regards, Sanjay.
--------------------------------------------------------------- Web Professionals, Inc. Direct: +1 408-863-4850 20111 Stevens Creek Blvd, Suite 145 Biz/NOC: +1 408-863-4848 Cupertino CA 95014 USA http://serverhosting.net --------------------------------------------------------------- -=- Data Center Server Hosting Inside an Internet Exchange -=-
participants (1)
-
Bono, Vinny J (CORP, ITDG)