[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
6453 routing leaks (January and Today)
Would love a pm on the platform in question
Sent from my iPhone
On 2011-02-25, at 12:23 PM, "Paul Stewart" <paul at paulstewart.org> wrote:
> Yes, very scary actually....
> Human error is unavoidable - it's going to happen at times - BUT....
> In our communities design, there has been times where we have missed
> a tag
> on an inbound customer for example. It scares the crap out of me to
> that something like that simple mistake could cause route leakage.
> Thankfully, anytime it has happened it would caught pretty quickly
> and fixed
> - in the meantime the routes simply didn't leave our network (the
> way it
> should be).
> Obviously the scales are different between someone like ourselves
> and that
> of TATA - but the principles and common sense remain.
> -----Original Message-----
> From: Richard A Steenbergen [mailto:ras at e-gerbil.net]
> Sent: Friday, February 25, 2011 12:52 PM
> To: Jared Mauch
> Cc: NANOG list
> Subject: Re: 6453 routing leaks (January and Today)
> On Fri, Feb 25, 2011 at 07:22:36AM -0500, Jared Mauch wrote:
>> I have had a source ask me to post the following:
>> -- snip --
>> The problem with route leaking was caused by specific routing
>> resulting in some peer routes not being properly tagged.
>> We are deploying additional measures to prevent this from happening
>> the future
>> -- snip --
> Hopefully someone learned a lesson about BGP community design, and how
> it should fail safe by NOT leaking if you accidentally fail to tag a
> route. Always require a positive match on a route to advertise to
> not the absence of a negative match.
> Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1