[137991] in North American Network Operators' Group
Re: 6453 routing leaks (January and Today)
daemon@ATHENA.MIT.EDU (Mark Gauvin)
Fri Feb 25 13:40:31 2011
X-Barracuda-Envelope-From: MGauvin@dryden.ca
From: Mark Gauvin <MGauvin@dryden.ca>
To: Paul Stewart <paul@paulstewart.org>
Date: Fri, 25 Feb 2011 12:39:49 -0600
In-Reply-To: <03bb01cbd519$34de1760$9e9a4620$@org>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Would love a pm on the platform in question
Sent from my iPhone
On 2011-02-25, at 12:23 PM, "Paul Stewart" <paul@paulstewart.org> wrote:
> Yes, very scary actually....
>
> Human error is unavoidable - it's going to happen at times - BUT....
>
> In our communities design, there has been times where we have missed =20
> a tag
> on an inbound customer for example. It scares the crap out of me to =20
> think
> that something like that simple mistake could cause route leakage.
> Thankfully, anytime it has happened it would caught pretty quickly =20
> and fixed
> - in the meantime the routes simply didn't leave our network (the =20
> way it
> should be).
>
> Obviously the scales are different between someone like ourselves =20
> and that
> of TATA - but the principles and common sense remain.
>
> Paul
>
>
>
> -----Original Message-----
> From: Richard A Steenbergen [mailto:ras@e-gerbil.net]
> Sent: Friday, February 25, 2011 12:52 PM
> To: Jared Mauch
> Cc: NANOG list
> Subject: Re: 6453 routing leaks (January and Today)
>
> On Fri, Feb 25, 2011 at 07:22:36AM -0500, Jared Mauch wrote:
>> Update:
>>
>> I have had a source ask me to post the following:
>>
>> -- snip --
>> The problem with route leaking was caused by specific routing =20
>> platform
>> resulting in some peer routes not being properly tagged.
>> We are deploying additional measures to prevent this from happening =20
>> in
>> the future
>> -- snip --
>
> Hopefully someone learned a lesson about BGP community design, and how
> it should fail safe by NOT leaking if you accidentally fail to tag a
> route. Always require a positive match on a route to advertise to =20
> peers,
> not the absence of a negative match.
>
> --=20
> Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ra=
s
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 =20
> 2CBC)
>
>
