[170735] in North American Network Operators' Group
Re: BGPMON Alert Questions
daemon@ATHENA.MIT.EDU (Mark Tinka)
Sat Apr 5 07:11:05 2014
From: Mark Tinka <mark.tinka@seacom.mu>
To: =?iso-8859-1?q?Vitkovsk=FD_Adam?= <adam.vitkovsky@swan.sk>
Date: Sat, 5 Apr 2014 13:10:12 +0200
In-Reply-To: <61DC6BC4ABA10E4489D4A73EBABAC18B011D70D4@EX01.swan.local>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Reply-To: mark.tinka@seacom.mu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--nextPart1864350.6kvLR2Ilnz
Content-Type: Text/Plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
On Friday, April 04, 2014 09:58:42 AM Vitkovsk=FD Adam wrote:
> I wonder when (or if ever) we'll have such a discussion
> about data packets, i.e. finding that someone is not
> doing packet-filtering based on BGP updates is
> absolutely and unacceptably shocking!
Well, filtering in the data plane is slightly easier because=20
a single subnet can cover all traffic coming from individual=20
sources or going to individual destinations.
In the control plane, the industry like to filter on=20
specific prefixes agreed between customer and provider,=20
especially when using automated tools such as RPSL. This can=20
get hairy as configurations become large, where a single=20
entry with "le 24" or "le 48" could have sufficed.
On the other hand, if you're not automating control plane=20
filters to some extent, it becomes messy as you get bigger.
Mark.
--nextPart1864350.6kvLR2Ilnz
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQIcBAABAgAGBQJTP+SXAAoJEGcZuYTeKm+Gvq4P/RlXjAe8NIqrBWko0RrUyczF
CnMWWxf5TBYl1I2F89iJIxjvrpIscfoeFj0lBck/ngnimBpDVIJU1pMmUZsPTiX4
FC5Dx3FOzI/Q83Li+PnnPISf4vK/m05bkgcn/80URWofDH9AF6gaNN5G9uu4xj7s
tf40847dV1irtkDWzncHf5byvakBpnG5xhwx5FjfIxMHxU3JCT9qWMtff4hgl7u1
wuYvNeoUHBfffktAwYfhZVFWPJDP3ZRtTV+kHjpoSz7EASvlslVrvn5LEjmSDjK4
Ds32+B79TPZYpgWxcQOboRO+WGNVI7nF/oDboKx5+jjCNkZUvpAiO8f/qwk7DerL
+LIWvD1mp1euAkszXdQMDgfMVOhlt1lM3zaPSRq0K0jOUMkn8M8l8vIZ1hfoVx32
P17x4hdBydfGhZt3MjkipK5KifMwzD0G25A4FHeusXV6r9bXZIzH6nacrpF1Ey+4
LhVlgUaMIdPYQJE4DHTgB1VLqLA9UVUuDU4sFq1zHq9Pi05AHHkiHFWv2PQejHMH
7kzB4rThDbs+1FsNvzfchbuJP+Z611ArUn5nT5Klfsy92+ZrUMEKy3IEvARyXzMd
xaG6AYQKVGzpLGQSptmoiKGlPooLU7qFN4HR5OngSYfflMXoy4FSR/2Ej0ZM0ZZM
bMiBNDy76NEKdjftqz0/
=VtGz
-----END PGP SIGNATURE-----
--nextPart1864350.6kvLR2Ilnz--
