[181677] in North American Network Operators' Group


Re: NTT->HE earlier today (~10am EDT)

daemon@ATHENA.MIT.EDU (Ca By)
Tue Jun 30 18:32:48 2015

X-Original-To: nanog@nanog.org
In-Reply-To: <559317A6.2060209@he.net>
Date: Tue, 30 Jun 2015 15:32:42 -0700
From: Ca By <cb.list6@gmail.com>
To: Mike Leber <mleber@he.net>
Cc: Tore Anderson <tore@fud.no>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Tuesday, June 30, 2015, Mike Leber <mleber@he.net> wrote:

>
>
> On 6/30/15 3:02 PM, Tore Anderson wrote:
>
>> * Mike Leber
>>
>>> I was thinking that when I posted yesterday.
>>>
>>> These were announcements from a peer, not customer routes.
>>>
>>> We are lowering our max prefix limits on many peers as a result of this.
>>>
>>> We are also going towards more prefix filtering on peers beyond bogons
>>> and martians.
>>>
>> Hi Mike,
>>
>> You're not mentioning RPKI here. Any particular reason why not?
>>
>> If I understand correctly, in today's leak the origin AS was
>> changed/reset, so RPKI ought to have saved the day. (At least Grzegorz'
>> day, considering that 33 of AS43996's prefixes are covered by ROAs.)
>>
>
> Yes, we will incorporate RPKI into how we build our prefix filters for
> peers as we improve our tools.
>
> Currently this will involve some amount of prefix list compression due to
> the limits of current hardware and the need to still have BGP converge.
>
> As Job Snijders said, "I would foresee issues if I'd try to add an eleven
> megabyte prefix-list on all devices in the network.".
>
> Mike.
>

It is NTT that would have mitigated this issue if they deployed and
enforced RPKI, right?
