Participants leaking BGP routes for the MICE IXP Block
I have BGPmon set up to notify me if the MICE IXP blocks (IPv4 and IPv6) are being announced in BGP by any AS other than MICE itself. The current BCP is to not even put a route in your IGP for an exchange block, let alone originate a BGP route for it. http://www.bgp4all.com.au/dokuwiki/_media/conferences/apnic42-ixp-design-bcp... See slide 45.

In the last 2 or 3 months I have seen three different participant ASNs originate routes for 206.108.255.0/24; I haven't seen anyone do it for 2001:504:27::0/48.

I'm not going to name and shame, at least for past events. But what should we do about this going forward?

1. Ignore it
2. Notify transgressors PRIVATELY
3. Manually, Name and Shame transgressors
4. Automated, Name and Shame of transgressors (setup a BGPmon account to mail to MICE-DISCUSS)
5. Other ideas? (electro-shock for transgressors :) )

Thanks

--
===============================================
David Farmer Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================
On 12/01/2016 06:56 PM, David Farmer wrote:
2. Notify transgressors PRIVATELY
3. Manually, Name and Shame transgressors
4. Automated, Name and Shame of transgressors (setup a BGPmon account to mail to MICE-DISCUSS)
If you are willing to do the work, I like 2, followed by 3. If you don't want to do the work, then 4. -- Richard
I agree... first strike private, second strike public. Automatic if you don't want to be the transgressor tracker.

Russ

-----Original Message-----
From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Richard Laager
Sent: Thursday, December 01, 2016 8:00 PM
To: MICE-DISCUSS@LISTS.IPHOUSE.NET
Subject: Re: [MICE-DISCUSS] Participants leaking BGP routes for the MICE IXP Block
I didn't think of that variant, but that's why we discuss these kinds of things. I'm willing to give that a try. Heck, I might even give people two or three strikes, especially if they actually respond to my email rather than ignore me. :)

However, I thought of one advantage of #4 after sending the email. In the case of non-nuisance incidents, like an actual hijack event, everyone is notified immediately. Otherwise, it has to wait for me to forward the email in the case of an actual event. BGPmon pages me, because the University has the paid service, but I'm only human and therefore fallible.

Any other comments?

On Thu, Dec 1, 2016 at 8:02 PM, Russell Berg <berg@wins.net> wrote:
Everyone should not be sending that range, but if they are, can the import filters for each BGP neighbor be set to drop those routes if one is received? Just like the private IP list and AS list.

gary.glissendorf@sdncommunications.com
2900 W. 10th St. | Sioux Falls, SD 57104
(w) 605.978.3558 | (c) 605.359-3737 | (tf) 800.247.1442
SDN NOC 877.287.8023
NOC Support email: sdnsupport@sdncommunications.com
"Be Excellent to Each Other"

From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of David Farmer
Sent: Thursday, December 1, 2016 10:12 PM
To: MICE-DISCUSS@LISTS.IPHOUSE.NET
Subject: Re: [MICE-DISCUSS] Participants leaking BGP routes for the MICE IXP Block
Couldn't we automate private notification followed by public if not resolved within 24 hours? Wouldn't that be the best of both worlds?

Owen

On Dec 1, 2016, at 23:11, David Farmer <farmer@UMN.EDU> wrote:
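The detection David describes (the IXP blocks originated by any AS other than MICE) combined with Owen's private-then-public escalation, written out as an added example that is not from any of the posters. MICE's own ASN is not stated in the thread, so MICE_ASN and the participant ASNs in the constructed sample are placeholders from the documentation range; the 24-hour grace period is Owen's proposal.

```python
import ipaddress
from datetime import datetime, timedelta

# Placeholder: MICE's own ASN is not stated in the thread (RFC 5398 documentation ASN).
MICE_ASN = 64496
# The two IXP peering-LAN blocks named in the thread.
IXP_BLOCKS = [ipaddress.ip_network("206.108.255.0/24"),
              ipaddress.ip_network("2001:504:27::/48")]
ESCALATE_AFTER = timedelta(hours=24)  # Owen's "public if not resolved within 24 hours"

def covers_ixp_block(prefix):
    """True if the announced prefix is an IXP block or a more-specific of one."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.version == b.version and net.subnet_of(b) for b in IXP_BLOCKS)

def is_leak(prefix, origin_asn):
    """An IXP block originated by any AS other than MICE itself is a leak (or hijack)."""
    return origin_asn != MICE_ASN and covers_ixp_block(prefix)

class StrikeTracker:
    """First sighting -> private notice; still announced after 24h -> public notice."""
    def __init__(self):
        self.first_seen = {}  # (origin_asn, prefix) -> time of the private notice

    def handle(self, prefix, origin_asn, seen_at):
        if not is_leak(prefix, origin_asn):
            return "ignore"
        key = (origin_asn, prefix)
        if key not in self.first_seen:
            self.first_seen[key] = seen_at
            return "private"
        if seen_at - self.first_seen[key] >= ESCALATE_AFTER:
            return "public"
        return "wait"

def run_sample():
    """Constructed sightings; 64497/64498 stand in for unnamed participant ASNs."""
    tracker = StrikeTracker()
    t0 = datetime(2016, 12, 1, 19, 0)
    sightings = [
        ("206.108.255.0/24", 64497, t0),                        # first strike
        ("206.108.255.0/24", MICE_ASN, t0),                     # legitimate origin
        ("206.108.255.0/25", 64498, t0 + timedelta(hours=1)),   # more-specific counts
        ("206.108.255.0/24", 64497, t0 + timedelta(hours=2)),   # within grace period
        ("206.108.255.0/24", 64497, t0 + timedelta(hours=25)),  # unresolved -> public
        ("2001:504:27::/48", 64497, t0 + timedelta(hours=25)),  # separate v6 strike
        ("198.51.100.0/24", 64497, t0),                         # unrelated prefix
    ]
    return [tracker.handle(p, asn, t) for p, asn, t in sightings]
```

The same covers_ixp_block test is what an import filter on each BGP neighbor would apply, as Gary suggests, to drop the block (and any more-specific) alongside the private IP and AS lists.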
Participants (5):
- David Farmer
- DeLong, Owen
- Gary Glissendorf
- Richard Laager
- Russell Berg