North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Level(3) filtering (was Yahoo outage summary)

  • From: Kevin Epperson
  • Date: Mon Jul 09 18:24:08 2007

There is some misinformation in previous posts that I would like to clarify on the Level 3 side of things.

Every transit-like connection on AS3356 is prefix-filtered including all parties in this event. On AS3356 all prefix filters and import policies on BGP sessions are audited and checked in almost realtime for people or system errors (missing, mis-referenced, not referenced, otherwise broken config, etc.) The prefix filters themselves are generated using data from Level 3's own registry and known public route registries. As several folks have pointed out there are minimal checks for the validity of the source information.

Further details on Level 3 filtering policies are available at:
   whois -h AS3356 | grep remarks

As an aside I see an increase in the number of downstreams asking for as-path filtering or *no* filtering usually with justifications of ISP X doesn't require us to register routes or just does as-path filtering. In my opinion that is bad news for everyone as documented in numerous BCPs, presentations and route-leaks.


Disclaimer - I do work for Level 3 but am expressing my opinions and not those of my employer.