[181648] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Route leak in Bangladesh

daemon@ATHENA.MIT.EDU (Mark Tinka)
Tue Jun 30 09:30:03 2015

X-Original-To: nanog@nanog.org
To: Matsuzaki Yoshinobu <maz@iij.ad.jp>, nanog@nanog.org
From: Mark Tinka <mark.tinka@seacom.mu>
Date: Tue, 30 Jun 2015 15:29:57 +0200
In-Reply-To: <20150630.222238.1512981023241287808.maz@iij.ad.jp>
Errors-To: nanog-bounces@nanog.org



On 30/Jun/15 15:22, Matsuzaki Yoshinobu wrote:
> I also suggested them to implement BGP community based route filtering
> in their outbound policy.  Any other suggestions or thoughts to
> prevent such incidents in general?

    - Get your downstreams to create route objects before you turn them up.
    - Get your provisioning teams to validate the prefixes being
provided by your downstreams.
    - Use both prefix- and AS_PATH-based filters for your downstreams.
    - Use BGP communities (as you've stated).
    - No exceptions.

Mark.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[181648] in North American Network Operators' Group

Re: Route leak in Bangladesh

daemon@ATHENA.MIT.EDU (Mark Tinka)Tue Jun 30 09:30:03 2015

daemon@ATHENA.MIT.EDU (Mark Tinka)
Tue Jun 30 09:30:03 2015