--- surfer@mauigateway.com wrote: From: "Scott Weeks" surfer@mauigateway.com
One thing that can be done to help something like this from spreading around the internet is filter your downstream BGP customers. --------------------------------
I did want to add one thing. The filtering I spoke of is to limit the maximum number of AS paths that a router doing BGP will see in addition to filtering based on the prefixes you expect to see from the customer. Evidently, old Cisco code and PC-based BGP daemons have the most trouble. From the NANOG mailing list, newer Cisco code has bgp maxas-limit 75 as the default. Personally, it's hard for me to imagine a need to prepend anywhere close to 75, but it's a wild and woolly internet out there... ;-)
scott
================================= ================================== ================================
Yeah, after reading some more of the articles, it was a perfect storm scenario with several factors cascading the effect.
I doubt PacNOG has much to worry about since of too many of us accepting the default free zone. We used to do it here at Blue Sky for a while, but even then I was filtering anything more than 3 hops. As long as you're not a big shot transit provider, you really shouldn't care about what's beyond your immediate upstream and their friends.
On another note, I played with AS prepends a while ago in order to try and force inbound route selection over our primary link (20Mb versus our 1.5Mb backup link). After much reading and fudging, I abandoned it and split our allocation instead. Advertising two /21s in addition to our /20 over the primary link and only the /20 on our backup link. The CIDR guys probably wouldn't be too happy if we went around doing this with anything smaller than a /23, but it's a good tradeoff IMO if you really need to force inbound route selection.
------------------------------------------------------- Aloiamoa Anesi, Jr. Systems Engineer Blue Sky Communications 478 Laufou Shopping Ctr Pago Pago, American Samoa 96799 -- Ph: +1.684.699.2759 ext 1098 Cell: +1.684.258.1098 VoIP Business Hours: 1098@voip.bluesky.as
On Feb 23, 2009, at 10:33 AM, Scott Weeks wrote:
--- surfer@mauigateway.com wrote: From: "Scott Weeks" surfer@mauigateway.com
One thing that can be done to help something like this from spreading around the internet is filter your downstream BGP customers.
I did want to add one thing. The filtering I spoke of is to limit the maximum number of AS paths that a router doing BGP will see in addition to filtering based on the prefixes you expect to see from the customer. Evidently, old Cisco code and PC-based BGP daemons have the most trouble. From the NANOG mailing list, newer Cisco code has bgp maxas-limit 75 as the default. Personally, it's hard for me to imagine a need to prepend anywhere close to 75, but it's a wild and woolly internet out there... ;-)
scott
=================================
================================
pacnog mailing list pacnog@pacnog.org http://mailman.apnic.net/mailman/listinfo/pacnog
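
The two inbound checks discussed in this thread (an expected-prefix filter on a downstream customer plus a cap on AS path length, whether 75 or a tighter local value such as 3), as an added Python example that is not code from either poster or from any router vendor. The customer prefixes, AS 64500 and all function names are constructed for illustration, and comparing the limit against the count of ASNs in the path is an assumption about how a router counts.

```python
import ipaddress

MAX_AS_PATH_LEN = 75  # value the thread quotes for `bgp maxas-limit`

# Constructed customer policy: (expected aggregate, longest more-specific accepted).
CUSTOMER_PREFIXES = [(ipaddress.ip_network("10.20.0.0/20"), 21)]

def as_path_length(as_path):
    """Count ASNs in a space-separated AS path; every prepend counts."""
    return len(as_path.split())

def evaluate(prefix, as_path, max_len=MAX_AS_PATH_LEN, allowed=CUSTOMER_PREFIXES):
    """Return (accepted, reason) for one announcement from a downstream customer."""
    try:
        net = ipaddress.ip_network(prefix)  # strict parsing: host bits set is an error
    except ValueError:
        return False, "malformed prefix"
    in_policy = any(
        net.version == agg.version and net.subnet_of(agg) and net.prefixlen <= le
        for agg, le in allowed
    )
    if not in_policy:
        return False, "prefix not in customer filter"
    hops = as_path_length(as_path)
    if hops > max_len:  # assumption: a path of exactly max_len is still accepted
        return False, f"AS path length {hops} exceeds {max_len}"
    return True, "accepted"

# Constructed announcements from a customer in documentation AS 64500.
SAMPLE_UPDATES = [
    ("10.20.0.0/20", "64500"),                    # the aggregate
    ("10.20.8.0/21", "64500 64500 64500"),        # more-specific, modest prepend
    ("10.20.8.0/24", "64500"),                    # too specific for the filter
    ("192.0.2.0/24", "64500"),                    # not the customer's space
    ("10.20.0.0/20", " ".join(["64500"] * 100)),  # excessive prepending
]

def run_samples():
    """Evaluate every constructed announcement with the default limit."""
    return [evaluate(p, path) for p, path in SAMPLE_UPDATES]

if __name__ == "__main__":
    for (p, path), (ok, why) in zip(SAMPLE_UPDATES, run_samples()):
        verdict = "PERMIT" if ok else "DENY"
        print(f"{p:<16} hops={as_path_length(path):<4} {verdict:<6} {why}")
```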