|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Deaggregating for emergency purposes
Yes, it is lovely when things work out like that. My one experience with this problem was with Telia announcing my more specifics, and their US NOC referred me to their Europe NOC, and there no one spoke English. They are a tier1, so they don't have any upstream to call. It took 20 phone calls and more than an hour to get to someone who cared enough to do anything about it. --Phil -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Derek Samford Sent: Tuesday, August 06, 2002 2:51 PM To: [email protected]; 'E.B. Dreger'; [email protected] Subject: RE: Deaggregating for emergency purposes Phil, You would think, after hearing about 30 people with clue+++ talk, you may realize that this is a patently *bad* thing and should not be done. If your route's are being hijacked you can generally solve your problems in 2-5 phone calls...That's all it's *ever* taken me. 1. Call their NOC. 2. If not helpful call their upstream. 3. Call a couple of Tier 1's who are transit for their upstream, and have them filter it. Done deal, in the time that you've managed to call your ISP and (maybe) gotten about half the internet to reach you, you've solved the problem for the whole net and have ZERO reachability concerns. This is my first and last post to this ridiculous thread. Derek -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Phil Rosenthal Sent: Tuesday, August 06, 2002 2:44 PM To: 'E.B. Dreger'; [email protected] Subject: RE: Deaggregating for emergency purposes --- So explain how this is superior to DNS entr(y|ies) stating who your peers and upstreams are. And there's nothing to say that one could not specify allowed filters in DNS, too. If someone wants me to advertise 192.168.7/24, and DNS indicates the proper netblock is 192.168.0/19 and their ASN is not origin or adjacent hop, I'll be suspicious. What I do from there becomes a policy question; I probably would contact the IP block owner to verify the request. --- My way isn't superior at all to a secure BGP solution, but until that exists, I need a choice. I am definitely on the bandwagon for the need for a secure BGP. --Phil
|