[181654] in North American Network Operators' Group
Re: Route leak in Bangladesh
daemon@ATHENA.MIT.EDU (Justin M. Streiner)
Tue Jun 30 10:42:24 2015
X-Original-To: nanog@nanog.org
Date: Tue, 30 Jun 2015 10:39:56 -0400 (EDT)
From: "Justin M. Streiner" <streiner@cluebyfour.org>
To: nanog@nanog.org
In-Reply-To: <20150630.222238.1512981023241287808.maz@iij.ad.jp>
Errors-To: nanog-bounces@nanog.org

On Tue, 30 Jun 2015, Matsuzaki Yoshinobu wrote:
> Randy Bush <randy@psg.com> wrote
>>> A friend in AS58587 confirmed that this was caused by a configuration
>>> error - it seems to be related to redistribution, and they already
>>> fixed that.
>>
>> 7007 all over again. do not redistribute bgp into igp. do not
>> redistribute igp into bgp.
>
> I also suggested that they implement BGP community based route filtering
> in their outbound policy. Any other suggestions or thoughts to
> prevent such incidents in general?

At a minimum, AS-PATH filtering of outgoing routes to just your ASN(s) and
your downstream customer ASNs. Whether this is done manually, built
using AS-SETs from your route registry of choice, or through some other
automated means is another story.

jms
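
An added example, not part of the original message: one way to build the outbound AS-PATH allow-list suggested above from registry AS-SETs and check candidate routes against it. The AS-SET names, ASNs (documentation ranges) and routes are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample data using documentation ASNs (RFC 5398); not real registry objects.
LOCAL_ASN = 64496
AS_SETS = {
    "AS-EXAMPLE-CUSTOMERS": ["AS64497", "AS-EXAMPLE-CUST-B"],
    # Refers back to its parent on purpose: registry AS-SETs can be circular.
    "AS-EXAMPLE-CUST-B": ["AS64498", "AS64499", "AS-EXAMPLE-CUSTOMERS"],
}

def expand_as_set(name, as_sets, seen=None):
    """Flatten an AS-SET into a set of ASNs, skipping sets already visited."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    asns = set()
    for member in as_sets.get(name, []):
        if re.fullmatch(r"AS\d+", member):
            asns.add(int(member[2:]))
        else:
            asns |= expand_as_set(member, as_sets, seen)
    return asns

def export_permitted(as_path, local_asn, customer_asns):
    """Permit export only if every ASN in the path is ours or a customer's.

    An empty path (locally originated route) is permitted.
    """
    allowed = {local_asn} | customer_asns
    return all(asn in allowed for asn in as_path)

def audit(routes, local_asn, customer_asns):
    """Return the prefixes the outbound filter would drop."""
    return [prefix for prefix, path in routes
            if not export_permitted(path, local_asn, customer_asns)]

# Constructed routes: (prefix, AS path as held locally before export).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", []),                      # locally originated
    ("198.51.100.0/24", [64497, 64497, 64498]),  # customer path with prepending
    ("203.0.113.0/24", [65536, 65540]),        # learned from a non-customer
    ("203.0.113.128/25", [64497, 65536]),      # customer passing on a non-customer route
]

if __name__ == "__main__":
    customers = expand_as_set("AS-EXAMPLE-CUSTOMERS", AS_SETS)
    print("customer ASNs:", sorted(customers))
    print("dropped on export:", audit(SAMPLE_ROUTES, LOCAL_ASN, customers))
```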