[137989] in North American Network Operators' Group
RE: 6453 routing leaks (January and Today)
daemon@ATHENA.MIT.EDU (Paul Stewart)
Fri Feb 25 13:24:25 2011
From: "Paul Stewart" <paul@paulstewart.org>
To: "'Richard A Steenbergen'" <ras@e-gerbil.net>,
"'Jared Mauch'" <jared@puck.nether.net>
In-Reply-To: <20110225175144.GI38726@gerbil.cluepon.net>
Date: Fri, 25 Feb 2011 13:24:13 -0500
Cc: 'NANOG list' <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Yes, very scary actually....
Human error is unavoidable - it's going to happen at times - BUT....
In our communities design, there has been times where we have missed a tag
on an inbound customer for example. It scares the crap out of me to think
that something like that simple mistake could cause route leakage.
Thankfully, anytime it has happened it would caught pretty quickly and fixed
- in the meantime the routes simply didn't leave our network (the way it
should be).
Obviously the scales are different between someone like ourselves and that
of TATA - but the principles and common sense remain.
Paul
-----Original Message-----
From: Richard A Steenbergen [mailto:ras@e-gerbil.net]
Sent: Friday, February 25, 2011 12:52 PM
To: Jared Mauch
Cc: NANOG list
Subject: Re: 6453 routing leaks (January and Today)
On Fri, Feb 25, 2011 at 07:22:36AM -0500, Jared Mauch wrote:
> Update:
>
> I have had a source ask me to post the following:
>
> -- snip --
> The problem with route leaking was caused by specific routing platform
> resulting in some peer routes not being properly tagged.
> We are deploying additional measures to prevent this from happening in
> the future
> -- snip --
Hopefully someone learned a lesson about BGP community design, and how
it should fail safe by NOT leaking if you accidentally fail to tag a
route. Always require a positive match on a route to advertise to peers,
not the absence of a negative match.
--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
