[111284] in North American Network Operators' Group
RE: Peer Filtering
daemon@ATHENA.MIT.EDU (John van Oppen)
Mon Feb 2 22:54:28 2009
Date: Mon, 2 Feb 2009 19:54:20 -0800
From: "John van Oppen" <john@vanoppen.com>
To: "Martin Barry" <marty@supine.com>,
<nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Yep agreed... We balance that by keeping the max-prefix no more than
about 40% over the current prefix limit on each peer. For us it is a
trade-off, accept the routes or don't send the traffic to peering. The
couple of times I have seen route leaks that involved one or two routes,
they were paths that worked, they were just wrong and we ended up just
throwing a prefix-list on that peer.
The thing is, one basically has to trust one's transit providers which
don't always filter well. Given this, trusting one's peers at least
somewhat does not seem too out there.
John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us
-----Original Message-----
From: Martin Barry [mailto:marty@supine.com]
Sent: Monday, February 02, 2009 7:22 PM
To: nanog@nanog.org
Subject: Re: Peer Filtering
$quoted_author = "John van Oppen" ;
>
> Here in the US we don't bother, max-prefix covers it... It seems that
> US originated prefixes are rather sporadically entered into the routing
> DBs.
...and you are not worried about someone leaking a subset of routes?
I understand that most failure cases would trigger a max-prefix but a typo
could allow just enough leakage to not hit max-prefix and yet still make
something "important" unreachable.
cheers
marty
--
with usenet gone, we just don't teach our kids entertainment-level hyperbole
any more. --Paul Vixie
http://www.merit.edu/mail.archives/nanog/2006-01/msg00593.html
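
The trade-off discussed in this thread, as an added example that is not part of either message: a max-prefix limit set 40% over a peer's current count does not trip on a leak of one or two routes, while a per-peer prefix-list rejects them. The prefixes, the peer's count of 10, the /24 length cap and the function names are all constructed for illustration.

```python
import ipaddress

def max_prefix_limit(current_count, headroom_pct=40):
    """Session limit a fixed percentage above the peer's current count, rounded up."""
    return -(-current_count * (100 + headroom_pct) // 100)

def evaluate(announced, allowed, limit, max_len=24):
    """Return (session_tripped, accepted, rejected) for one peer's announcements.

    session_tripped models max-prefix: it only looks at how many routes arrive.
    accepted/rejected model a prefix-list: each route must fall inside a prefix
    the peer is expected to originate and must not be longer than max_len.
    """
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    accepted, rejected = [], []
    for prefix in announced:
        net = ipaddress.ip_network(prefix)
        ok = net.prefixlen <= max_len and any(
            net.version == a.version and net.subnet_of(a) for a in allowed_nets
        )
        (accepted if ok else rejected).append(prefix)
    return len(announced) > limit, accepted, rejected

# Constructed sample data: the peer normally sends ten /24s.
NORMAL = [f"198.18.{i}.0/24" for i in range(10)]
ALLOWED = list(NORMAL)                          # hypothetical per-peer prefix-list
SMALL_LEAK = ["192.0.2.0/24", "203.0.113.0/24"]  # two routes that are not the peer's
LARGE_LEAK = [f"198.19.{i}.0/24" for i in range(20)]

if __name__ == "__main__":
    limit = max_prefix_limit(len(NORMAL))
    for name, leak in (("small leak", SMALL_LEAK), ("large leak", LARGE_LEAK)):
        tripped, accepted, rejected = evaluate(NORMAL + leak, ALLOWED, limit)
        print(f"{name}: limit={limit} received={len(NORMAL) + len(leak)} "
              f"max-prefix tripped={tripped} prefix-list rejected={len(rejected)}")
```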