[32210] in North American Network Operators' Group


Re: Trusting BGP sessions

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Nov 14 15:53:37 2000

From: "Steven M. Bellovin" <smb@research.att.com>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 14 Nov 2000 15:45:39 -0500
Message-Id: <20001114204539.CDFCC35DC2@smb.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu


In message <20001114202940.19022.cpmta@c004.sfo.cp.net>, Sean Donelan writes:
>
>On Mon, 13 November 2000, David Diaz wrote:
>> The cabal makes jokes "Officially there is no cabal."
>> In reality the fact is that peering is a trust event.  You are 
>
>Peering is a business decision.  It is not an engineering decision
>nor a trust event.
>
>Technically, can a peer BGP session do any more or less damage to
>your network than a customer BGP session?  The protocol is identical.

Peer BGP is (often) worse because you can't filter it as aggressively.  
You *know* what prefixes your customers can advertise, and you can 
discard anything else.  But if you have two or more peer sessions, you 
don't in general know which prefixes can legally come from which 
sessions.

		--Steve Bellovin
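
Added example, not part of the original message: a Python sketch of the filtering asymmetry described above, where a customer session can be held to a known prefix list while a peer session has no such list to check against. The neighbor names, the prefix table, the `customer`/`peer` labels and the choice to accept more-specifics of a registered block are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes); not from the original post.
# The provider knows, per customer session, which prefixes that customer holds.
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/24"],
    "cust-b": ["198.51.100.0/24", "203.0.113.0/24"],
}


def covered(prefix, allowed):
    """True if prefix equals, or is a more-specific of, an allowed block."""
    net = ipaddress.ip_network(prefix)
    return any(
        net.version == block.version and net.subnet_of(block)
        for block in map(ipaddress.ip_network, allowed)
    )


def filter_session(kind, neighbor, announcements):
    """Split announcements into (accepted, discarded) for one BGP session.

    kind is "customer" or "peer" (hypothetical labels for this example).
    """
    if kind == "customer":
        # Unknown customer: empty allow-list, so everything is discarded.
        allowed = CUSTOMER_PREFIXES.get(neighbor, [])
        accepted = [p for p in announcements if covered(p, allowed)]
        discarded = [p for p in announcements if not covered(p, allowed)]
        return accepted, discarded
    # Peer session: no per-session list of legitimate prefixes exists, so the
    # strict allow-list check above has nothing to compare against.
    return list(announcements), []


if __name__ == "__main__":
    # Constructed announcements: the second one belongs to cust-b, not cust-a.
    sample = ["192.0.2.0/24", "198.51.100.0/24", "192.0.2.128/25"]
    print("customer cust-a:", filter_session("customer", "cust-a", sample))
    print("peer peer-1:    ", filter_session("peer", "peer-1", sample))
```

The same three announcements are split on the customer session and pass untouched on the peer session, which is the gap the message points at.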



