[afnog] How to convince providers to take the sane option....
Mark Tinka
mark.tinka at seacom.mu
Thu May 15 06:43:31 UTC 2014
On Thursday, May 15, 2014 06:18:37 AM Frank Habicht wrote:
> without the knowledge/approval of the "owner" ?
> bad start.... :-(
> (yes, most likely it's a former customer)
I can tell you now that we fight route leaks on a daily
basis. And we don't have to go to an exchange point to enjoy
that priviledge :-).
> Even if all peers get everything...
> ... still they should not announce things they get from
> peering to other peerings or even to upstreams.
> static prefix lists are bad because they will become
> outdated. I know many of us know this song.
>
> Best solution I see is communities.
> - Define one community called "don't advertise to
> upstreams" - add this community to all routes learned
> from upstreams. and to all routes learned from peering
> - don't advertise these routes to upstreams.
> and don't advertise these routes to other peerings.
> ie first rule in the route-map to upstreams:
> deny anything matching that community
Yes, good idea.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://afnog.org/pipermail/afnog/attachments/20140515/04b56772/attachment.sig>
More information about the afnog
mailing list