[159650] in North American Network Operators' Group
Re: How are operators using IRR?
daemon@ATHENA.MIT.EDU (Pierre-Yves Maunier)
Thu Jan 17 07:46:06 2013
In-Reply-To: <50F74C10.8090408@kenweb.org>
From: Pierre-Yves Maunier <nanog@maunier.org>
Date: Thu, 17 Jan 2013 13:45:32 +0100
To: ml@kenweb.org
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
2013/1/17 ML <ml@kenweb.org>
> How are operators using the data available in the various IRRs?
>
> Using an example:
>
> AS1 is your customer
> AS1 has AS2, AS3 and AS4 described as customers in an IRR
> Also assume AS2 has IRR data describing AS1000 and AS2000 as it's
> customers.
>
> Are operators building AS path regexes such as the following automatically
> from IRR and applying that to your BGP sessions?
>
> ----
> AS1{1,}
> AS1{1,} AS2{1,}
> AS1{1,} AS3{1,}
> AS1{1,} AS2{1,} AS1000{1,}
> AS1{1,} AS2{1,} AS2000{1,}
> ----
>
>
> I would imagine most operators that are building policy from IRR are
> building prefix lists to limit what they are accepting. Is this being
> paired with some AS path filtering?
>
>
> Are operators just traversing an AS-SET as far as it will go and building
> prefix lists to represent all intended prefixes to be heard on a session
> regardless of who originates them? Is the possibility of AS1000 hijacking
> AS2000 prefixes towards AS2 a problem you as the upstream to AS1 need to
> consider? (Last question assumes AS2 made a mistake and wasn't filtering
> properly on it's own customers and AS1 is just accepting all prefixes under
> the cone of AS2)
>
> Thanks
>
Hi,
I usually build a prefix-list gathering route objects having an origin AS
from the customer AS-SET.
I know some operators doing AS-PATH filtering and other who don't have
anything else than a max-prefix limit on the session.
In my previous job, one of my transit provider just had a max-prefix limit
of 4k and I was announcing 2K routes. Hopefully we were good enough to not
leak any unlegitimate routes on the sessions by misconfiguration.
--
Pierre-Yves
