[181681] in North American Network Operators' Group
Re: NTT->HE earlier today (~10am EDT)
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Jun 30 18:45:06 2015
X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <559317A6.2060209@he.net>
Date: Tue, 30 Jun 2015 17:40:03 -0500
To: Mike Leber <mleber@he.net>
Cc: Tore Anderson <tore@fud.no>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
We have been pushing large configurations to devices. You can check my slides from the London IEPG meeting.
When 96% of your config is prefix filters we are sure trying.
I ask others to encourage your vendors to make this a priority as we have faced a number of issues in this area and have been waiting quite some time for vendor resolution.
Jared Mauch
> On Jun 30, 2015, at 5:26 PM, Mike Leber <mleber@he.net> wrote:
>
>> On 6/30/15 3:02 PM, Tore Anderson wrote:
>> * Mike Leber
>>
>>> I was thinking that when I posted yesterday.
>>>
>>> These were announcements from a peer, not customer routes.
>>>
>>> We are lowering our max prefix limits on many peers as a result of this.
>>>
>>> We are also going towards more prefix filtering on peers beyond bogons
>>> and martians.
>> Hi Mike,
>>
>> You're not mentioning RPKI here. Any particular reason why not?
>>=20
>> If I understand correctly, in today's leak the origin AS was
>> changed/reset, so RPKI ought to have saved the day. (At least Grzegorz'
>> day, considering that 33 of AS43996's prefixes are covered by ROAs.)
>
> Yes, we will incorporate RPKI into how we build our prefix filters for peers as we improve our tools.
>
> Currently this will involve some amount of prefix list compression due to the limits of current hardware and the need to still have BGP converge.
>
> As Job Snijders said, "I would foresee issues if i'd try to add an eleven megabyte prefix-list on all devices in the network.".
>
> Mike.
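
Added example, not part of the original thread: a minimal sketch of RFC 6811 route origin validation, showing why an announcement whose origin AS was changed comes out invalid when a ROA covers the prefix. The ROA entries (documentation prefixes and AS numbers) are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed validated ROA payloads: (prefix, maxLength, origin AS).
# Documentation prefixes and documentation AS numbers only.
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64497),
]


def load_vrps(rows):
    """Parse (prefix, maxLength, asn) rows into network objects."""
    return [(ipaddress.ip_network(p), maxlen, asn) for p, maxlen, asn in rows]


def validate(vrps, prefix, origin_as):
    """Return 'valid', 'invalid' or 'not-found' for one announcement.

    RFC 6811: a route is valid if some VRP covers it, its length does not
    exceed that VRP's maxLength, and the origin AS matches. It is invalid
    if at least one VRP covers it but none matches. With no covering VRP
    the state is not-found.
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for net, maxlen, asn in vrps:
        # subnet_of() raises TypeError across address families, so check first.
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        # AS 0 in a ROA never matches any route.
        if route.prefixlen <= maxlen and asn == origin_as and asn != 0:
            return "valid"
    return "invalid" if covered else "not-found"


def classify(announcements, roas=SAMPLE_ROAS):
    """Validate a list of (prefix, origin_as) pairs; returns a list of states."""
    vrps = load_vrps(roas)
    return [validate(vrps, prefix, asn) for prefix, asn in announcements]


if __name__ == "__main__":
    # Constructed announcements: legitimate, origin reset by a leak,
    # more specific than maxLength, and a prefix with no ROA at all.
    sample = [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
              ("2001:db8:1:2::/64", 64497), ("203.0.113.0/24", 64511)]
    for (prefix, asn), state in zip(sample, classify(sample)):
        print(f"{prefix:20} AS{asn:<6} {state}")
```

Only prefixes covered by a ROA benefit: the fourth sample route is not-found, so a leak of it would still need max-prefix limits or prefix filters to be caught.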