[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

6453 routing leaks (January and Today)



Would love a pm on the platform in question

Sent from my iPhone

On 2011-02-25, at 12:23 PM, "Paul Stewart" <paul at paulstewart.org> wrote:

> Yes, very scary actually....
>
> Human error is unavoidable - it's going to happen at times - BUT....
>
> In our communities design, there has been times where we have missed  
> a tag
> on an inbound customer for example.  It scares the crap out of me to  
> think
> that something like that simple mistake could cause route leakage.
> Thankfully, anytime it has happened it would caught pretty quickly  
> and fixed
> - in the meantime the routes simply didn't leave our network (the  
> way it
> should be).
>
> Obviously the scales are different between someone like ourselves  
> and that
> of TATA - but the principles and common sense remain.
>
> Paul
>
>
>
> -----Original Message-----
> From: Richard A Steenbergen [mailto:ras at e-gerbil.net]
> Sent: Friday, February 25, 2011 12:52 PM
> To: Jared Mauch
> Cc: NANOG list
> Subject: Re: 6453 routing leaks (January and Today)
>
> On Fri, Feb 25, 2011 at 07:22:36AM -0500, Jared Mauch wrote:
>> Update:
>>
>> I have had a source ask me to post the following:
>>
>> -- snip --
>> The problem with route leaking was caused by specific routing  
>> platform
>> resulting in some peer routes not being properly tagged.
>> We are deploying additional measures to prevent this from happening  
>> in
>> the future
>> -- snip --
>
> Hopefully someone learned a lesson about BGP community design, and how
> it should fail safe by NOT leaking if you accidentally fail to tag a
> route. Always require a positive match on a route to advertise to  
> peers,
> not the absence of a negative match.
>
> -- 
> Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1  
> 2CBC)
>
>