On Dec 9, 2017, at 7:00 PM, Jason Hanke <jayhanke@NEUTRALPATH.NET> wrote:
it's time for secure route servers. Job sent out a list of ixp and quite a few of them are already doing rpki or irr filtering.
I second this. IXPmanager makes this easy.
On Dec 8, 2017 11:06 PM, "Richard Laager" <rlaager@wiktel.com> wrote: Zero length is a subset of “doesn’t start with their AS”, so if we filter on that condition, hopefully we will catch that too.
-- Richard
On Dec 8, 2017, at 23:04, Frank Bulk <fbulk@MYPREMIERONLINE.COM> wrote:
If the issue was that the AS PATH was zero length, can BIRD filter those out?
Frank
-----Original Message----- From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Doug McIntyre Sent: Friday, December 8, 2017 6:15 PM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] Attribute Length Error today
On Fri, Dec 08, 2017 at 06:03:21PM -0600, Andrew Hoyos wrote: The more important question - why didn’t the route servers drop that? I’d assume there should be inbound filters to drop bogons+default+$otherbadstuff.
They do have filters for bogons + default route.
I suspect bad AS attribute processing is part of what made it get leaked onwards. The BIRD servers were logging that as well during this period.
On a larger scale, this sort of thing begs the question - do we need to have folks in some sort of isolated VLAN with test sessions to the route servers upon turnup? SIX does this, as well as others, I suspect to prevent these exact issues from happening.
Possibly.
-- Doug McIntyre <merlyn@iphouse.net> ~.~ ipHouse ~.~ Network Engineer/Provisioning/Jack of all Trades
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1