[32212] in North American Network Operators' Group
Re: Trusting BGP sessions
daemon@ATHENA.MIT.EDU (Sean Donelan)
Tue Nov 14 16:06:30 2000
Date: 14 Nov 2000 12:51:16 -0800
Message-ID: <20001114205116.8491.cpmta@c004.sfo.cp.net>
To: smb@research.att.com
From: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu

ANS used to filter every peering session they had.

Other ISPs (I won't mention any names) don't seem to filter anything,
peer, customer or other.

This seems to have less to do with technical or trust, than how management
decides to run their business. ANS's management decided to do one thing,
and paid Curtis a lot of money to do it, other ISPs' management decide it's
too much work. See
http://www.academ.com/nanog/may1996/state-of-the-internet-nsps-qna.html

On Tue, 14 November 2000, "Steven M. Bellovin" wrote:
> In message <20001114202940.19022.cpmta@c004.sfo.cp.net>, Sean Donelan writes:
> >On Mon, 13 November 2000, David Diaz wrote:
> >> The cabal makes jokes "Officially there is no cabal."
> >> In reality the fact is that peering is a trust event. You are
> >
> >Peering is a business decision. It is not an engineering decision
> >nor a trust event.
> >
> >Technically, can a peer BGP session do any more or less damage to
> >your network than a customer BGP session? The protocol is identical.
>
> Peer BGP is (often) worse because you can't filter it as aggressively.
> You *know* what prefixes your customers can advertise, and you can
> discard anything else. But if you have two or more peer sessions, you
> don't in general know which prefixes can legally come from which
> sessions.
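
Added example, not part of the original message or of any ISP's actual configuration: a sketch of the filtering asymmetry described in the quoted reply, where a customer session is checked against a per-customer prefix list while a peer session only gets generic sanity checks. Session names, the prefix table and `PEER_MAX_LEN` are assumptions, and the routes are constructed from RFC 5737 documentation prefixes.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation prefixes stand in for real routes).
# Per-customer allow-list: (registered prefix, longest more-specific accepted).
CUSTOMER_FILTERS = {
    "cust-a": [("192.0.2.0/24", 24)],
    "cust-b": [("198.51.100.0/24", 24), ("203.0.113.0/24", 25)],
}
# All that can be applied to a peer without knowing its legitimate prefixes.
BOGONS = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PEER_MAX_LEN = 24  # assumed policy value, not taken from the thread


def customer_permits(session, net):
    """True only if net falls inside a prefix registered for this customer."""
    for prefix, max_len in CUSTOMER_FILTERS.get(session, []):
        if net.subnet_of(ipaddress.ip_network(prefix)) and net.prefixlen <= max_len:
            return True
    return False


def peer_permits(net):
    """Sanity checks only: no default route, no bogons, nothing overly specific."""
    if net.prefixlen == 0 or net.prefixlen > PEER_MAX_LEN:
        return False
    return not any(net.subnet_of(b) for b in BOGONS)


def filter_session(session, kind, announcements):
    """Split announcements received on one session into (accepted, rejected)."""
    accepted, rejected = [], []
    for text in announcements:
        net = ipaddress.ip_network(text)
        ok = customer_permits(session, net) if kind == "customer" else peer_permits(net)
        (accepted if ok else rejected).append(text)
    return accepted, rejected


if __name__ == "__main__":
    # cust-b's /24 arriving on the wrong session, a bogon, and a too-specific route.
    routes = ["192.0.2.0/24", "198.51.100.0/24", "10.1.0.0/16", "203.0.113.128/26"]
    print("customer cust-a:", filter_session("cust-a", "customer", routes))
    print("peer peer-1:    ", filter_session("peer-1", "peer", routes))
```

The same announcement of 198.51.100.0/24 is discarded on the cust-a session but accepted on the peer session, because nothing in the peer filter says which party may originate it.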