Here’s a tweet to the list that Jay is referring to: https://twitter.com/JobSnijders/status/939280110607327232 Frank From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Jason Hanke Sent: Saturday, December 9, 2017 7:01 PM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] Attribute Length Error today it's time for secure route servers. Job sent out a list of ixp and quite a few of them are already doing rpki or irr filtering. On Dec 8, 2017 11:06 PM, "Richard Laager" <rlaager@wiktel.com<mailto:rlaager@wiktel.com>> wrote: Zero length is a subset of “doesn’t start with their AS”, so if we filter on that condition, hopefully we will catch that too. -- Richard
On Dec 8, 2017, at 23:04, Frank Bulk <fbulk@MYPREMIERONLINE.COM<mailto:fbulk@MYPREMIERONLINE.COM>> wrote:
If the issue was that the AS PATH was zero length, can BIRD filter those out?
Frank
-----Original Message----- From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET<mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET>] On Behalf Of Doug McIntyre Sent: Friday, December 8, 2017 6:15 PM To: MICE-DISCUSS@LISTS.IPHOUSE.NET<mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET> Subject: Re: [MICE-DISCUSS] Attribute Length Error today
On Fri, Dec 08, 2017 at 06:03:21PM -0600, Andrew Hoyos wrote: The more important question - why didn’t the route servers drop that? I’d assume there should be inbound filters to drop bogons+default+$otherbadstuff.
They do have filters for bogons + default route.
I suspect bad AS attribute processing is part of what made it get leaked onwards. The BIRD servers were logging that as well during this period.
On a larger scale, this sort of thing begs the question - do we need to have folks in some sort of isolated VLAN with test sessions to the route servers upon turnup? SIX does this, as well as others, I suspect to prevent these exact issues from happening.
Possibly.
-- Doug McIntyre <merlyn@iphouse.net<mailto:merlyn@iphouse.net>> ~.~ ipHouse ~.~ Network Engineer/Provisioning/Jack of all Trades
________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1