[103124] in North American Network Operators' Group


Re: Operators Penalized? (was Re: Kenyan Route Hijack)

daemon@ATHENA.MIT.EDU (Pekka Savola)
Tue Mar 18 13:58:27 2008

Date: Mon, 17 Mar 2008 18:06:20 +0200 (EET)
From: Pekka Savola <pekkas@netcore.fi>
To: "Larry J. Blunk" <ljb@merit.edu>
cc: Suresh Ramasubramanian <ops.lists@gmail.com>,
        Jeff Aitken <jaitken@aitken.com>, Glen Kent <glen.kent@gmail.com>,
        nanog@merit.edu
In-Reply-To: <47DE8BAE.6040206@merit.edu>
Errors-To: owner-nanog@merit.edu


On Mon, 17 Mar 2008, Larry J. Blunk wrote:
>  RFC2827 is about source address filtering which
> is not really the same as BGP route announcement
> filtering.  Unfortunately, I have not come across
> any RFCs with a thorough discussion of route
> filtering.   It is mentioned briefly in RFC 3013,
> but section 4.5 only suggests filtering routes for
> private address space.  RFC 4778 also mentions it,
> but again, there is no in-depth discussion.  Perhaps
> it is time for an RFC dedicated to route filtering
> practices?

This provides half a page summary of what can be done without sweating 
too much:

http://tools.ietf.org/html/draft-savola-rtgwg-backbone-attacks-03#section-3.2

Applying a (secure) IRR database to build filters for peers and 
transits has not (AFAIK) been very well documented anywhere.  But on 
the other hand, not too many people are using it either.  Unless a 
better place or a new document is found for that, I can add some 
verbiage to the above-mentioned draft.

(Currently, however, it is not obvious to me if that draft is going to 
progress, and if so which IETF WG or similar forum would be the right 
place to develop it.)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
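
Added example, not part of the original message or of the referenced draft: a sketch of building a per-peer prefix filter from IRR route objects and checking announcements against it. The RPSL sample data, the ASNs, the MAX_LEN policy and all function names are assumptions made for illustration; the IRR data is assumed to have been fetched already from a source the operator trusts.

```python
import ipaddress

# Constructed RPSL route objects (documentation prefixes, reserved ASNs),
# standing in for what a trusted IRR mirror would return for one peer.
SAMPLE_IRR = """\
route:   192.0.2.0/24
origin:  AS64500
source:  EXAMPLE

route:   203.0.113.0/24
origin:  AS64500
source:  EXAMPLE

route:   198.51.100.0/24
origin:  AS64501
source:  EXAMPLE
"""

MAX_LEN = {4: 24, 6: 48}  # assumed policy: longest prefix accepted per family


def parse_route_objects(text):
    """Yield (network, origin_asn) for each route/route6 object in text."""
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line[:1] in "#%" or ":" not in line:
                continue  # skip blank lines, comments and server remarks
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        prefix = attrs.get("route") or attrs.get("route6")
        origin = attrs.get("origin", "")
        if prefix and origin.upper().startswith("AS"):
            yield ipaddress.ip_network(prefix), int(origin[2:])


def build_filter(text, peer_origins):
    """Registered prefixes whose origin is one the peer may announce."""
    nets = [n for n, asn in parse_route_objects(text) if asn in peer_origins]
    return sorted(nets, key=lambda n: (n.version, n))


def accept(prefix, origin, text, peer_origins):
    """True only if a registered route with the same origin covers prefix."""
    net = ipaddress.ip_network(prefix)
    if origin not in peer_origins or net.prefixlen > MAX_LEN[net.version]:
        return False
    return any(asn == origin and reg.version == net.version and net.subnet_of(reg)
               for reg, asn in parse_route_objects(text))
```

With this sample data, a peer authorised for AS64500 that announces 198.51.100.0/24 is rejected, because the only registered route object for that prefix names a different origin.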
