North American Network Operators Group


Re: using IRR tools for BGP route filtering

  • From: Jessica Yu
  • Date: Fri Jun 23 10:04:41 2000

--- Danny McPherson <[email protected]> wrote:
> I agree with this, and have seen the document, and have worked for
> large providers that performed prefix filtering on customers long
> before IOPS existed.

I know that some ISPs have been doing that but that is
not good enough. The key is to have EVERY ISP do it to
leave no 'holes' for bad routes to sneak in. And
that's the model suggested in the paper.

> However, if every ISP performed prefix-based filtering between one
> another, it'd be improved "a lot more".  I recall more than a few
> instances when providers inadvertently broke other providers'
> customers by "mis-advertising" prefixes.

Agree. The ideal situation is to filter on all
interfaces where external routes come in, i.e. filter on
peers and customers. I used to work for an ISP (ANS)
that filtered all its peers and managed to
automatically generate router configurations including
a huge number of prefix filtering lines. It did help us to
dodge the disaster of AS7007 and other similar
incidents. However, it does introduce a lot more work.
Also, the toughest part is how often to update the
filtering list so that no legitimate prefixes are blocked.

How big a filter list a router can handle in its
configuration is something that needs to be investigated,
since the number of prefix lines will be huge for
peer-to-peer filtering.

In conclusion, the best is for ISPs to filter on peers
and customers. But if they cannot do that for peers,
at least filter on customers. If all ISPs filter their
customers, it's already a big step forward.

> And if every ISP performed SA verification between one another
> (presumably with the same filters) it would again be improved "a
> lot" more.
>
> -danny

                          --jessica
>
> > If every ISP does prefix based filtering on its downstream
> > customers, the integrity of the Internet routing system will be
> > improved a lot. The document below proposes such a model:
> >
> > http://www.iops.org/Documents/routing.html
>
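Added example, not part of the original message or of any tool named in the thread: one way to build the per-customer prefix filter discussed above from IRR route objects and render it as router configuration. The RPSL objects, documentation prefixes, private-use AS numbers and the list name CUST-AS64500 are constructed, and exact-match filtering is an assumption of this sketch.

```python
import ipaddress

# Constructed RPSL route objects (documentation prefixes, private-use ASNs).
SAMPLE_IRR = """\
route:   192.0.2.0/24
origin:  AS64500
mnt-by:  MAINT-EXAMPLE

route:   198.51.100.0/24
origin:  AS64500

route:   203.0.113.0/24
origin:  AS64501
"""

def parse_routes(text):
    """Return (prefix, origin) pairs from blank-line separated RPSL objects."""
    routes = []
    for obj in text.strip().split("\n\n"):
        attrs = {}
        for line in obj.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        if "route" in attrs and "origin" in attrs:
            routes.append((ipaddress.ip_network(attrs["route"]),
                           attrs["origin"].upper()))
    return routes

def customer_prefixes(routes, origins):
    """Prefixes registered with an origin AS the customer may announce."""
    return sorted({p for p, o in routes if o in origins})

def prefix_list(name, prefixes):
    """Render a Cisco-style exact-match prefix-list ending in an explicit deny."""
    lines = [f"ip prefix-list {name} seq {5 * (i + 1)} permit {p}"
             for i, p in enumerate(prefixes)]
    lines.append(f"ip prefix-list {name} seq {5 * (len(prefixes) + 1)} "
                 "deny 0.0.0.0/0 le 32")
    return lines

def accepted(announced, prefixes):
    """Exact match only: more-specifics and unregistered prefixes are rejected."""
    return ipaddress.ip_network(announced) in prefixes

if __name__ == "__main__":
    allowed = customer_prefixes(parse_routes(SAMPLE_IRR), {"AS64500"})
    print("\n".join(prefix_list("CUST-AS64500", allowed)))
    for ann in ("192.0.2.0/24", "192.0.2.128/25", "203.0.113.0/24"):
        print(ann, "accept" if accepted(ann, allowed) else "reject")
```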

