[104524] in North American Network Operators' Group
Re: [NANOG] peering between ASes
daemon@ATHENA.MIT.EDU (Nathan Ward)
Sat May 17 04:13:55 2008
From: Nathan Ward <nanog@daork.net>
To: nanog <nanog@merit.edu>
In-Reply-To: <482E72BE.70001@internode.com.au>
Date: Sat, 17 May 2008 20:13:12 +1200
Errors-To: nanog-bounces@nanog.org

On 17/05/2008, at 5:53 PM, Matthew Moyle-Croft wrote:
> Nathan Ward wrote:
>> If the foreign AS really wants to send you routes that way, they
>> can do it regardless of how you stop your advertisements being
>> accepted by/ reaching them. We're hardly talking high security here.
>>
>> ip route <prefix> <netmask> 1.1.1.1 works a treat.
>>
> I'm not quite sure of your point Nathan. That'd stop connectivity
> which isn't usually the point - especially if the issue is point (2)
> below.

If a foreign AS wants to work around things put in place by you/others
so they don't get your prefixes (be it ASPATH poisoning, route
filtering by the MLPA route-server operator, etc.) they can do so
easily by putting a static route into their equipment.

My point is that none of these techniques are bulletproof.

I think I meant to say "packets" where I said "routes" where you
quoted me above, also, that ip route blah was something that the
foreign AS would stuff into their router. I hope that's a bit more
clear.

> MLPAs are disliked for two main reasons that I've been able to
> discern.

I'm not debating for/against MLPAs, that doesn't really go anywhere
productive. I'm giving info that some people might find useful if
they've got a network condition they need to work around with a dirty
hack.

--
Nathan Ward