[189795] in North American Network Operators' Group
Re: intra-AS messaging for route leak prevention
daemon@ATHENA.MIT.EDU (Joe Provo)
Tue Jun 7 01:03:38 2016
X-Original-To: nanog@nanog.org
Resent-From: Job Snijders <job@instituut.net>
Resent-To: nanog@nanog.org
Date: Mon, 6 Jun 2016 18:03:38 -0400
From: Joe Provo <nanog-post@rsuc.gweep.net>
To: Job Snijders <job@instituut.net>
In-Reply-To: <20160606155418.GD35417@22.rev.meerval.net>
Reply-To: nanog-post@rsuc.gweep.net
Cc: "nanog@nanog.org" <nanog@nanog.org>, "Sriram,
Kotikalapudi \(Fed\)" <kotikalapudi.sriram@nist.gov>
Errors-To: nanog-bounces@nanog.org
On Mon, Jun 06, 2016 at 05:54:18PM +0200, Job Snijders wrote:
> On Mon, Jun 06, 2016 at 11:41:52AM +0000, Sriram, Kotikalapudi (Fed) wrote:
> > I am a co-author on a route-leak detection/mitigation/prevention draft
> > in the IDR WG in the IETF:
> > https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-03
> >
> > Question: Are there other means of conveying this information
> > in common use today (i.e. for prevention of route leaks)?
[snip]
>
> For instance AT&T and NTT agreed (through email) that there should be no
> intermediate networks between 2914 & 7018, therefore NTT blocks
> announcements that match as-path-regexp '_7018_' on any and all eBGP
> sessions, except the direct sessions with 7018. NTT calls this concept
> "peerlocking".
>
> I'll cover this approach at the upcoming NANOG meeting in Chicago:
> https://www.nanog.org/meetings/abstract?id=2860
Dropping unexpected AS vectors was frequently used in the 1990s
by folks, especially in the context of seeking to ensure traffic
intended for direct/private interconnections stayed on them. I
know some folks would also just filter "big networks" (to avoid
that marketing term) from other peers to sidestep the impact of
leaks.
It doesn't fit for all peers/networks (eg content which will
seek alternate paths around congestion), but if you can fold
it into your automation it is helpful.
Cheers!
Joe
--
RSUC / GweepNet / Spunk / FnB / CotSG / Usenix / NANOG
