[181651] in North American Network Operators' Group
Re: Route leak in Bangladesh
daemon@ATHENA.MIT.EDU (Job Snijders)
Tue Jun 30 10:24:50 2015
X-Original-To: nanog@nanog.org
Date: Tue, 30 Jun 2015 16:24:43 +0200
From: Job Snijders <job@instituut.net>
To: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <B5C9AD30-1D5D-4B83-B663-3A86E9CCE5D1@hopcount.ca>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Tue, Jun 30, 2015 at 09:44:12AM -0400, Joe Abley wrote:
> On 30 Jun 2015, at 9:41, Job Snijders wrote:
> >In addition to the BGP community scheme, outbound as-path filters could
> >help.
>
> I agree, but possibly not in the case of a redistribution loop.
>
> (We don't know that's what happened, exactly, but I thought it was worth
> mentioning.)
Joe, you are right.
In this specific situation, for a small to medium sized network, it
might be prudent to apply an outbound prefix-filter on all transit &
peering sessions and thus only allowing prefixes which actually belong
to downstream customers and the network itself.
One could generate that prefix-list based on the network's AS-SET. I
wouldn't deploy /only/ outbound prefix-filters. This method should be
viewed as complementary to other methods such as the already mentioned a
BGP community scheme.
Kind regards,
Job
