[181649] in North American Network Operators' Group
Re: Route leak in Bangladesh
daemon@ATHENA.MIT.EDU (Job Snijders)
Tue Jun 30 09:41:28 2015
X-Original-To: nanog@nanog.org
Date: Tue, 30 Jun 2015 15:41:18 +0200
From: Job Snijders <job@instituut.net>
To: Matsuzaki Yoshinobu <maz@iij.ad.jp>
In-Reply-To: <20150630.222238.1512981023241287808.maz@iij.ad.jp>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Tue, Jun 30, 2015 at 10:22:38PM +0900, Matsuzaki Yoshinobu wrote:
> Randy Bush <randy@psg.com> wrote
> >> A friend in AS58587 confirmed that this was caused by a configuration
> >> error - it seems like related to redistribution, and they already
> >> fixed that.
> >
> > 7007 all over again. do not redistribute bgp into igp. do not
> > redistribute igp into bgp.
>
> I also suggested them to implement BGP community based route filtering
> in their outbound policy. Any other suggestions or thoughts to
> prevent such incidents in general?
In addition to the BGP community scheme, outbound as-path filters could
help. Most network's list of transit providers is fairly static, it
would be easiy with as-path filters to prevent announcing upstream
routes to other upstreams or peering partners.
Kind regards,
Job
