[182456] in North American Network Operators' Group


Re: AW: AW: Prefix-Hijack by AS7514

daemon@ATHENA.MIT.EDU (Mark Tinka)
Fri Jul 17 06:03:12 2015

X-Original-To: nanog@nanog.org
To: Matsuzaki Yoshinobu <maz@iij.ad.jp>, colinj@gt86car.org.uk
From: Mark Tinka <mark.tinka@seacom.mu>
Date: Fri, 17 Jul 2015 12:03:04 +0200
In-Reply-To: <20150717.184626.1455805858013349614.maz@iij.ad.jp>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org



On 17/Jul/15 11:46, Matsuzaki Yoshinobu wrote:
> Yes, I agree, and we have done that.  How about peering partners -
> which is our case this time.  Is it feasible to maintain strict
> inbound prefix filters for all peering relationships?

To be honest, not really.

Some countries I know do this for their exchange points. But
by and large, it is not scalable. Same goes for AS_PATH lists for peering.

One can be liberal at peering points but have max-prefix as a basic
protection mechanism (which is what we do).

Of course, IRRs are the other way to go.

Mark.
