North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Clue's for Clue-less
I agree that core stability is of utmost importance, but by randomly and somewhat unilaterally denying prefixes without verification of the validity of their origin...Hmm, lets see...AS 1 sending the 4.0.0.0 netblock across a direct peering point, but it get's nicked because of max-prefix, so it comes across through a multihomed downstream and all of a sudden, sorry little multihomed downstream is carrying 200 Megs of BBN transit. Oops! I would think that the only thing that this command protects is routers with slim memory profiles. Core routers should let the BGP decision process clean the routes, although I do get scared when 10,000 new routes appear over the weekend. After this weekends fiasco, I can see your reasons, though. Maybe RSNG is useful after all... Chris > -----Original Message----- > From: Richard Irving [mailto:[email protected]] > Sent: Monday, October 26, 1998 4:27 PM > To: Martin, Christian > Cc: '[email protected]' > Subject: Re: Clue's for Clue-less > > > No proof one way, or the other, Martin.... > > The only neighbors I lost on this one, dumped something > they shouldn't..... If someone de-aggregates a /16, > it fires off alarms.... Although these may be valid advertisements, > We have opted for the "safe, rather than sorry" perspective. > (Besides, the alarms *assure* prompt attention) > > Running the internet requires a certain degree of Altruism. > One should set policies that *protect* the core, rather than one's > own....... ;) > > Doing other than this will result in a global internet > that is not reliable...And we all lose. > > "The good of the many, outweigh the desires of the few" > > (No matter *how* expensive a tie they wear ;) > > PS: 11.2.xx and higher have this command... > > > Martin, Christian wrote: > > > > Richard Irving Wrote: > > > To "You Know Who You Are": > > > > > > Since some of the filtering policies on the core *seem* to > > > not benefit the Internet as a whole... (or is that Hole ? ;) > > > > > > May I suggest one that does: > > > > > > neighbor WWW.XXX.YYY.ZZZ maximum-prefix XXXXX > > > > > > It has a way of dropping "clue-nots"..... When > > > they demonstrate said title..... > > > > > > Your clueful attention appreciated. > > > > > > Signed, > > > > > > One *URKED* Core Operator. > > > > > > > What if it has a way of dropping big blocks? From what I've seen n > > sniffer traces, it depends on how the routes are stored in > the BGP table > > that determines how they are advertised. This may have the > effect of > > sinking large, valid netblocks. Unless you've seen otherwise... > > > > -Chris >
|