[29376] in North American Network Operators' Group
Re: using IRR tools for BGP route filtering
daemon@ATHENA.MIT.EDU (Sean Donelan)
Tue Jun 20 04:32:09 2000
Date: 20 Jun 2000 01:29:04 -0700
Message-ID: <20000620082904.6584.cpmta@c004.sfo.cp.net>
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: nanog@merit.edu
From: Sean Donelan <sean@donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
I believe every major backbone has suffered a multi-hour service
disruption due to another provider announcing blackhole routes.
The most recent one was Sprint a couple of weeks ago when another
major provider re-announced part of their network in Chicago. Its
not just a risk from "small" providers like 7007. Most of the
widely distributed bogus announcements pass through large providers
like Spring and UUNET. Most bogus announcements only affect a
single network customer, like the FCC web site, so some people
just assume its usual Internet flakiness when they can't reach
a network.
Its strange to see carriers whose management wouldn't think of
ignoring the LERG, believe its ok to risk extended service
disruptions by announcing and listening to unfiltered,
unauthenticated routing information.
Are engineers keeping their managers' in the dark. Does management
not know there is a potential solution to the problem. Or does
their management really think its Ok their customers are at risk
of losing service at any time due to unfiltered routes. When you
speak with your Cisco sales rep, do you tell them one of the requirements
is being able to filter the entire route table with multiple peers.
