[32284] in North American Network Operators' Group
Re: [doable?] peer filtering (was Re: Trusting BGP sessions)
daemon@ATHENA.MIT.EDU (Kurt Kayser)
Thu Nov 16 05:07:51 2000
Date: Thu, 16 Nov 2000 11:04:04 +0100
From: Kurt Kayser <kurt@noris.de>
To: John Fraizer <nanog@EnterZone.Net>
Cc: nanog@merit.edu
Message-ID: <20001116110404.F32037@noris.de>
In-Reply-To: <Pine.LNX.4.21.0011160435130.17744-100000@Overkill.EnterZone.Net>; from nanog@EnterZone.Net on Thu, Nov 16, 2000 at 04:38:33AM -0500
John,

On Thu, Nov 16, 2000 at 04:38:33AM -0500, John Fraizer wrote:
> How do you suppose the router is going to be able to get to the database
> server? It has to have a route to the database server and until it does,
> it can not even verify that it should accept that route.
>
> ---
> John Fraizer
> EnterZone, Inc

In case of a cold-start, I would give the box a base config that tells how
to build the IGP and iBGP topology. Then a DB-server within the ISP's network
should be within reach.

There is more information stored on how to connect the external world (peers,
upstreams) and basic filters (martians, own blocks, prefix length).

After that the database links into the IRR-System to get 'live' external
information that passes local policy adjustments (communities, prepends, etc.)
and new updates always get through the database-system. In this case you also
have a kind of BGP-trail (basically http://abcoude.ripe.net/ris/risalpha.cgi)
that can be used in many ways after something went wrong with routing.

I believe not many networks keep what has been happening in their routing
tables. Or even are able to reconstruct a specific situation that led to
some erratic situation.

Kurt
--
noris network AG / Kilianstrasse 142 \ 90425 Nuernberg
Tel. (0911) 9352-0 / Fax (0911) 9352-100 \ info@noris.net
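
Added example, not part of the original message or of any system it describes: a sketch of the layered check the message outlines (static filters first, IRR-derived data once the database is reachable) with every decision recorded so a past situation can be replayed. The prefix lists, AS numbers, verdict strings, the irr_loaded flag and the function names are all assumptions constructed for illustration.

```python
import ipaddress
import time

# All values below are constructed for illustration (documentation ranges,
# private-use AS numbers); none come from the original message.
# A sample of martian ranges, not a complete list.
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
OWN_BLOCKS = [ipaddress.ip_network("198.51.100.0/24")]
MAX_PREFIX_LEN = 24
# Stand-in for route objects fetched from the IRR: (prefix, origin AS).
IRR_ROUTES = {(ipaddress.ip_network("203.0.113.0/24"), 64500)}
TRAIL = []  # append-only record of every decision, the "BGP trail"


def check_update(peer, prefix, origin_as, irr_loaded=True):
    """Return a verdict for one announcement from an external peer and log it."""
    net = ipaddress.ip_network(prefix)
    if any(net.overlaps(m) for m in MARTIANS):
        verdict = "reject:martian"
    elif any(net.overlaps(o) for o in OWN_BLOCKS):
        verdict = "reject:own-block"
    elif net.prefixlen > MAX_PREFIX_LEN:
        verdict = "reject:too-specific"
    elif not irr_loaded:
        # Assumption: during cold start only the static filters apply.
        verdict = "accept:static-only"
    elif (net, origin_as) in IRR_ROUTES:
        verdict = "accept:irr"
    else:
        verdict = "reject:not-in-irr"
    TRAIL.append({"ts": time.time(), "peer": peer, "prefix": str(net),
                  "origin": origin_as, "verdict": verdict})
    return verdict


def history(prefix):
    """Replay every logged decision for one prefix, oldest first."""
    key = str(ipaddress.ip_network(prefix))
    return [e for e in TRAIL if e["prefix"] == key]
```
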