[102975] in North American Network Operators' Group
Re: Peering with the Internet Alert Registry
daemon@ATHENA.MIT.EDU (Josh Karlin)
Mon Mar 10 22:06:53 2008
Date: Mon, 10 Mar 2008 20:02:12 -0600
From: "Josh Karlin" <karlinjf@cs.unm.edu>
To: "Christopher Morrow" <christopher.morrow@gmail.com>
Cc: nanog@merit.edu
In-Reply-To: <75cb24520803101501r2888addma6d1d68bc9b9983e@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
------=_Part_11757_23566423.1205200932677
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Chris,
That's a good question. IAR peers that also wish to run PGBGP will transmit
their anomalous routes out of band to the IAR. This will likely be done via
logs and a simple forwarding script.
Josh
On Mon, Mar 10, 2008 at 4:01 PM, Christopher Morrow <
christopher.morrow@gmail.com> wrote:
> On Mon, Mar 10, 2008 at 11:01 AM, Josh Karlin <karlinjf@cs.unm.edu> wrote:
> > All,
> >
> > Some of you are aware of the site for network operators:
> > http://iar.cs.unm.edu/ which has running for two years now. The
> purpose of
> > the site is to detect and distribute network anomaly information to the
> > network operators that need to know. The flip side of our proposed
> security
> > system, Pretty Good BGP (PGBGP), lowers the local preference of
> anomalous
> > routes on BGP routers for 24 hours, giving operators time to respond to
> > anomalous routes before they can fully propagate.
> >
>
> does pgbgp toss out alerts/snmp-traps/log-messages when these
> anomalous announcements arrive? if not, how does one know they are
> inside the 24hr window?
>
------=_Part_11757_23566423.1205200932677
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Chris, <br><br>That's a good question. IAR peers that also wish to run PGBGP will transmit their anomalous routes out of band to the IAR. This will likely be done via logs and a simple forwarding script.<br><br>Josh<br>
<br><br><br><div class="gmail_quote">On Mon, Mar 10, 2008 at 4:01 PM, Christopher Morrow <<a href="mailto:christopher.morrow@gmail.com">christopher.morrow@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Mon, Mar 10, 2008 at 11:01 AM, Josh Karlin <<a href="mailto:karlinjf@cs.unm.edu">karlinjf@cs.unm.edu</a>> wrote:<br>
> All,<br>
><br>
> Some of you are aware of the site for network operators:<br>
> <a href="http://iar.cs.unm.edu/" target="_blank">http://iar.cs.unm.edu/</a> which has running for two years now. The purpose of<br>
> the site is to detect and distribute network anomaly information to the<br>
> network operators that need to know. The flip side of our proposed security<br>
> system, Pretty Good BGP (PGBGP), lowers the local preference of anomalous<br>
> routes on BGP routers for 24 hours, giving operators time to respond to<br>
> anomalous routes before they can fully propagate.<br>
><br>
<br>
</div>does pgbgp toss out alerts/snmp-traps/log-messages when these<br>
anomalous announcements arrive? if not, how does one know they are<br>
inside the 24hr window?<br>
</blockquote></div><br>
------=_Part_11757_23566423.1205200932677--
