North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: So -- what did happen to Panix?

  • From: Josh Karlin
  • Date: Wed Feb 08 11:09:47 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=hQdhIPmCpI+KlTraFturQV0630i/IqeedfJvfpDFaXUixNh3+0BWx4EBQaOaq10bpYg87lyjibXROYLEbHu4RtffP29R1WEYuIu2pk62eF2TMdZ6aB3x6kTRYwO2e+ZXaXU54cKCvUBGflakvziC8m+2sDLLGhh2yBUaLlk13ps=

Here is what we propose in PGBGP.  If you have a more specific route
and its AS Path does not contain any of the less specific route's
origins, then ignore it for a day and keep routing to the less
specific origin.  If it's legitimate the less specific origin should
forward the data on for the day.

We see about 30 of these suspicious routes per day.

I imagine some of you will not like this sceheme.  Please let me know why.

Josh



On 2/8/06, Jeffrey Haas <[email protected]> wrote:
>
> On Wed, Feb 08, 2006 at 04:37:31AM +0000, Christopher L. Morrow wrote:
> > I had thought Josh's paper (or maybe not josh, whomever it was) said
> > something along the lines of:
> > 1) if more than one announcement prefer 'longer term', 'older', 'more
> > usual' route
> > 2) if only one route take it and run!
>
> FWIW, this sort of mechanism was discussed among the IETF RPSEC WG
> task group that is working on BGP security requirements.
>
> On the presumption that some database of stable routes and paths
> is present, you could bias your preference in your routes for
> more stable routes and paths.
>
> You would also need to decide what to do about more specific routes
> covered by stable routes.  Do you ignore them?  This is a harder
> question.
>
> --
> Jeff Haas
> NextHop Technologies
>
>
>