[c-nsp] Non-transit customer AS and prefix leaks

Artyom Viklenko artem at aws-net.org.ua
Mon Apr 18 08:54:17 EDT 2011


18.04.2011 15:43, Andrew Miehs wrote:
> On Mon, Apr 18, 2011 at 11:27 AM, Artyom Viklenko <artem at aws-net.org.ua> wrote:
>
>> I NEED to announce these networks to Customer. But Customer should not
>> announce them to another upstream.
>>
> Ah, misunderstood who was leaking.
>
> The other service provider your customer was peering with obviously didn't
> filter the customer's announcements.
> Your customer would add an additional prefix hop, thus increasing the length
> so that hopefully the effects are too bad.
>
> Even with setting no export etc, should your customer want to break things
> he can.
>
> I would speak with his service provider, and ask him why he accepted your
> addresses.
>

This is what was done. His other upstream was informed and fixed its filters.

I'm trying to think about possible protection against such things.
But it seems that we need new BGP version 5+ protocol... :)

Thanks to all for discussion!


-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
artem at viklenko.net   | JID: artem at jabber.aws-net.org.ua
FreeBSD: The Power to Serve   -  http://www.freebsd.org

