[c-nsp] Non-transit customer AS and prefix leaks

Artyom Viklenko artem at aws-net.org.ua
Mon Apr 18 05:49:47 EDT 2011


18.04.2011 12:19, Keegan Holley пишет:
> I may be missing something obvious, but shouldn't your prefixes
 > have hit the Internet with a hop count of 1 and the bogus routes
 > a hop count of at least three? If that's the case wouldn't your
 > prefixes be the best path?  Assuming I've missed something than
 > the no-export community and as prepend suggestions proposed by
 > others should work.

We have some prefixes which we don't annouce to DE-CIX.
Leaked via Customer and it's another upstream prefixes appeared
in this exchange point and lead to incorrect routing.


> Sent from my iPhone
>
> On Apr 18, 2011, at 2:36 AM, Artyom Viklenko<artem at aws-net.org.ua>  wrote:
>
>> Hi, list!
>>
>> I had some problem last weekend. Lets say we - ISP-A, announce
>> some prefixes to Customer. Due to some bug or misconfiguration
>> these prefixes reached ISP-B (who provides another uplink to
>> Customer). I'm was surprised that ISP-B received our prefixes
>> from Customer (wrong filters?). And then, these prefixes was
>> announced to Internet and some Exchange Points.
>> This lead to incorrect routing of incoming thrafic towars our
>> prefixes via slow Customer's links. This lead to near 100%
>> packet loss.
>>
>> After several phone calls problem was fixed. But now, I'm
>> trying to find some solution to prevent such problems in future.
>>
>> One solution I thinking of is to mark all announces to such
>> non-transit Customers with no-export community.
>>
>> What do you guys think about this? Is it acceptable or not?
>> Is it any other possible solutions to prevent such cases
>> already in place?
>>
>> Thanks in advance!
>>
>> --
>>            Sincerely yours,
>>                             Artyom Viklenko.
>> -------------------------------------------------------
>> artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
>> artem at viklenko.net   | JID: artem at jabber.aws-net.org.ua
>> FreeBSD: The Power to Serve   -  http://www.freebsd.org
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>


-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
artem at viklenko.net   | JID: artem at jabber.aws-net.org.ua
FreeBSD: The Power to Serve   -  http://www.freebsd.org


More information about the cisco-nsp mailing list