NORDNOG Archives


Subject: Re: RIPE down - DDoS confirmed
From: Fredrik Widell <[log in to unmask]>
Reply-To: Network management discussion for Nordic region <[log in to unmask]>
Date: Fri, 28 Feb 2003 09:13:23 +0100
Content-Type: TEXT/PLAIN

On Fri, 28 Feb 2003, Kurt Erik Lindqvist wrote:

> >> I tried to propose to the PTS that Netnod would start announcing the
> >> ISPs' own address space and 0.0.0.0/0 to them just to see what happens.
> >> They didn't seem to like the idea...
> >
> > Wonder why? ;-)
> >
>
> On a serious note I do think something like this would be useful. But
> in a controlled environment.
>
> From my memory we have lost peering (for all ISPs) across D-GIX/Netnod
> two or three times since I started running a connection there, which
> was end of 1996. In two of the cases it was an ISP announcing the
> entire world and in the third case it was someone who started
> announcing the peering prefix (this was around the time it was started
> to get considered good to filter these...:)). Problem is that this was
> back in 1997 and most of the people who were around then and got
> burnt are no longer running networks. I think we need an incident like
> this every year to keep people on their toes.


Since this discussion is on the list, shouldn't we, the Swedish (and Nordic)
ISPs try to begin to use prefix-filtering instead of the mixed mess of
maximum-prefixes, as-path-origin or no filters at all?

RIPE has some good tools to check for unregistered route-objects compared
to the live bgp, I proposed these tools to netnod some years or two or so
ago, if we keep the ripedb up-to-date with all our routes -> route-objects
it would be an easy step to begin to use prefix-filters, which would lead
to a much more stable environment when things go bad, i.e. if someone shoots
from the hip when configuring their routers, if someone begins to announce
the full bgp-table, this would not affect you if you use prefix-filter, even
if someone does the terrible task of redistribute bgp->igp and back again
igp->bgp (if there exists a router that does not explode when doing this)
you would not be affected by this, if you just use as-path-filters you will
otherwise see the whole Internet behind your neighbour's AS and you would probably
use these routes, and die.

So, I would like to suggest to the community that we start testing
prefix-filters between the ISPs, I am willing to do testing on this
towards anyone who is confident enough that they have done their
homework and have all their routes registered in the ripedb :)

(I am not confident at all regarding that :)



>
> - kurtis -
>

--

Mvh

        /Fredrik

-------------------------------------------------------
KTHNOC, KTH, S-100 44 Stockholm, Sweden +46 8 790 65 17
-------------------------------------------------------
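
The comparison described in the message above, as an added example that is not part of the original post and is not RIPE's or Netnod's tooling: a prefix filter built from registered route objects is checked against what a neighbour announces, next to an as-path-origin check. The AS number, the prefixes other than 0.0.0.0/0, the route objects and the exact-match policy are all constructed assumptions.

```python
import ipaddress

# Constructed RPSL route objects, as neighbour AS64500 might register them.
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64500
"""

# Constructed announcements heard from AS64500: (prefix, AS path).
RECEIVED = [
    ("192.0.2.0/24", [64500]),      # registered
    ("198.51.100.0/24", [64500]),   # registered
    ("203.0.113.0/24", [64500]),    # the neighbour's own route, never registered
    ("0.0.0.0/0", [64500]),         # default route, re-originated by mistake
    ("198.18.0.0/15", [64500]),     # stands in for a leaked full table
]

def parse_route_objects(text):
    """Return a set of (network, origin ASN) pairs from RPSL route objects."""
    registered, prefix = set(), None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "route":
            prefix = ipaddress.ip_network(value.strip())
        elif key == "origin" and prefix is not None:
            registered.add((prefix, int(value.strip().upper()[2:])))
    return registered

def as_path_origin_ok(path, neighbour_as):
    """as-path-origin style check: only the originating AS is examined."""
    return bool(path) and path[-1] == neighbour_as

def prefix_filter_ok(prefix, path, registered):
    """Assumed policy: exact prefix and origin must match a route object."""
    return bool(path) and (ipaddress.ip_network(prefix), path[-1]) in registered

def compare(received, registered, neighbour_as):
    """Return (accepted by prefix filter, passed by as-path check only)."""
    accepted, as_path_only = [], []
    for prefix, path in received:
        if prefix_filter_ok(prefix, path, registered):
            accepted.append(prefix)
        elif as_path_origin_ok(path, neighbour_as):
            as_path_only.append(prefix)
    return accepted, as_path_only

print(compare(RECEIVED, parse_route_objects(IRR_DUMP), 64500))
```

The second list holds both the mistaken announcements and the legitimate but unregistered 203.0.113.0/24, which is the route the neighbour would have to register before such a filter goes live.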
