home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: Nathan Ward <nanog@daork.net> To: nanog <nanog@merit.edu> In-Reply-To: <482E72BE.70001@internode.com.au> Date: Sat, 17 May 2008 20:13:12 +1200 Errors-To: nanog-bounces@nanog.org On 17/05/2008, at 5:53 PM, Matthew Moyle-Croft wrote: > Nathan Ward wrote: >> If the foreign AS really wants to send you routes that way, they >> can do it regardless of how you stop your advertisements being >> accepted by/ reaching them. We're hardly talking high security here. >> >> ip route <prefix> <netmask> 1.1.1.1 works a treat. >> > I'm not quite sure of your point Nathan. That'd stop connectivity > which isn't usually the point - especially if the issue is point (2) > below. If a foreign AS wants to work around things put in place by you/others so they don't get your prefixes (be it ASPATH poisoning, route filtering by the MLPA route-server operator, etc.) they can do so easily by putting a static route in to their equipment. My point is that none of these techniques are bulletproof. I think I meant to say "packets" where I said "routes" where you quoted me above, also, that ip route blah was something that the foreign AS would stuff in to their router. I hope that's a bit more clear. > MLPAs are disliked for two main reasons that I've been able to > discern. I'm not debating for/against MLPAs, that doesn't really go anywhere productive. I'm giving info that some people might find useful if they've got a network condition they need to work around with a dirty hack. -- Nathan Ward _______________________________________________ NANOG mailing list NANOG@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog
home | help | back | first | fref | pref | prev | next | nref | lref | last | post |