[afnog] BGP

Andy Davidson andy at nosignal.org
Tue Jul 22 19:37:49 UTC 2014


Hi,

Mark Tinka wrote:
> On Monday, July 21, 2014 06:14:30 PM Randy Bush wrote:
> > max prefix is a bad crutch.  irr-based route filter.
> Doesn't sound like his peer is reasonable enough to have this in place.
> For such a peer, max-prefix may be a better option, since they are all over the place.

I agree with Randy that an irr filter is the best way. Are the prefixes that you do expect to see in an irr database?

If not, then are the leaked prefixes coming from the peer's downstream customers, or the peer's transit providers?  If it's the peer's transit providers then you are lucky, as you can add an as-path filter to the session to allow prefixes except when the path is ^peer_transitprovider.  If the peer's downstreams are leaking then the peer REALLY needs to add filters to their downstream customers, because this is only going to get worse as the market grows, and this is going to cause a major wide-reaching blackhole event one day (that you will suffer from if you keep the peering).

Don't be tempted to make a manual list by agreement with the peer; that simply won't scale.  Let the irr databases do the work for you.

Good luck, Saul, and tell us what you eventually do.

Andy
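
The two inbound filters discussed in this message, modelled as an added example that is not part of the original post: an as-path check for `^peer_transitprovider` and a prefix check against IRR-registered routes. The ASNs, prefixes and the `IRR_PREFIXES` list (standing in for real IRR query output) are constructed values from the documentation ranges.

```python
import ipaddress
import re

# Constructed values: private-use/documentation ASNs and RFC 5737 prefixes.
PEER_AS = 64500
PEER_TRANSIT_AS = 64510

# Assumption: this list stands in for the route objects an IRR query
# for the peer's as-set would return.
IRR_PREFIXES = [ipaddress.ip_network(p)
                for p in ("192.0.2.0/24", "198.51.100.0/24")]

# ^peer_transitprovider: the path starts with the peer and the very next
# hop is the peer's transit provider (as-path given as "64500 64510 ...").
LEAK_RE = re.compile(rf"^{PEER_AS} {PEER_TRANSIT_AS}( |$)")


def irr_permits(prefix, max_len=24):
    """True if prefix is covered by an IRR entry and is not too specific."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen > max_len:
        return False
    return any(net.version == r.version and net.subnet_of(r)
               for r in IRR_PREFIXES)


def evaluate(prefix, as_path, use_irr=True):
    """Return 'accept' or a rejection reason for one received route."""
    if LEAK_RE.search(as_path):
        return "reject: learned via peer's transit provider"
    if use_irr and not irr_permits(prefix):
        return "reject: prefix not registered in IRR"
    return "accept"


if __name__ == "__main__":
    routes = [  # constructed announcements received from the peer
        ("192.0.2.0/24", "64500"),                # peer's own prefix
        ("198.51.100.0/24", "64500 64501"),       # registered downstream
        ("203.0.113.0/24", "64500 64510 64520"),  # leak from peer's transit
        ("203.0.113.0/24", "64500 64501 64520"),  # leak from a downstream
    ]
    for prefix, path in routes:
        print(f"{prefix:18} [{path}] as-path only: "
              f"{evaluate(prefix, path, use_irr=False)} | "
              f"with IRR: {evaluate(prefix, path)}")
```

The last route shows the case the message warns about: a leak through the peer's downstream passes the as-path filter and is only caught by the IRR-based prefix filter.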


