Peer Filtering
Yep agreed... We balance that by keeping the max-prefix no more than
about 40% over the current prefix limit on each peer. For us it is a
trade-off, accept the routes or don't send the traffic to peering. The
couple of times I have seen route leaks that involved one or two routes,
they were paths that worked, they were just wrong and we ended up just
throwing a prefix-list on that peer.
The thing is, one basically has to trust one's transit providers which
don't always filter well. Given this, trusting one's peers at least
somewhat does not seem too out there.
John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us
-----Original Message-----
From: Martin Barry [mailto:marty at supine.com]
Sent: Monday, February 02, 2009 7:22 PM
To: nanog at nanog.org
Subject: Re: Peer Filtering
$quoted_author = "John van Oppen" ;
>
> Here in the US we don't bother, max-prefix covers it... It seems that
> US originated prefixes are rather sporadically entered into the routing
> DBs.
...and you are not worried about someone leaking a subset of routes?
I understand that most failure cases would trigger a max-prefix but a typo
could allow just enough leakage to not hit max-prefix and yet still make
something "important" unreachable.
cheers
marty
--
with usenet gone, we just don't teach our kids entertainment-level hyperbole
any more. --Paul Vixie
http://www.merit.edu/mail.archives/nanog/2006-01/msg00593.html
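
The trade-off discussed in this thread, as an added example that is not part of either poster's message: a max-prefix limit set 40% over the peer's current route count lets a small leak through, while a per-peer prefix-list rejects it. The function names, the (network, max length) prefix-list model, the sample routes, and the simplification that every received route counts against the limit are assumptions made for illustration.

```python
import ipaddress

def max_prefix_limit(current_count, headroom_pct=40):
    """Max-prefix set headroom_pct over the peer's current route count."""
    return current_count * (100 + headroom_pct) // 100

def permitted(route, prefix_list):
    """True if route falls inside a (network, max_length) prefix-list entry."""
    net = ipaddress.ip_network(route)
    for entry, max_len in prefix_list:
        allowed = ipaddress.ip_network(entry)
        if (net.version == allowed.version and net.subnet_of(allowed)
                and net.prefixlen <= max_len):
            return True
    return False

def evaluate(expected, leaked, prefix_list, headroom_pct=40):
    """Compare max-prefix alone with a per-peer prefix-list for one leak."""
    limit = max_prefix_limit(len(expected), headroom_pct)
    # Assumption: every received route counts against the limit.
    tripped = len(expected) + len(leaked) > limit
    return {
        "limit": limit,
        "max_prefix_tripped": tripped,
        # Max-prefix only: all leaked routes are installed unless the limit trips.
        "leaks_installed_max_prefix_only": [] if tripped else list(leaked),
        # Prefix-list: only leaked routes matching an entry get through.
        "leaks_installed_with_prefix_list":
            [r for r in leaked if permitted(r, prefix_list)],
    }

# Constructed sample data: a peer that normally announces ten /16s.
EXPECTED = [f"10.{i}.0.0/16" for i in range(10)]
PREFIX_LIST = [(p, 16) for p in EXPECTED]        # exact-length entries
SMALL_LEAK = ["192.0.2.0/24", "10.3.128.0/17"]   # two stray routes
LARGE_LEAK = [f"172.16.{i}.0/24" for i in range(6)]

if __name__ == "__main__":
    for name, leak in (("small", SMALL_LEAK), ("large", LARGE_LEAK)):
        print(name, evaluate(EXPECTED, leak, PREFIX_LIST))
```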