> On Dec 8, 2017, at 6:14 PM, Doug McIntyre <[log in to unmask]> wrote:
>
> On Fri, Dec 08, 2017 at 06:03:21PM -0600, Andrew Hoyos wrote:
>> The more important question - why didn’t the route servers drop that? I’d assume there should be inbound filters to drop bogons+default+$otherbadstuff.
>
> They do have filters for bogons + default route.
Cool.
> I suspect bad AS attribute processing is part of what made it get leaked onwards.
> The BIRD servers were logging that as well during this period.
Gotcha, while extra work, would it be easy enough to add first hop AS path filters on sessions on the route servers? Or do these already exist as well?
Without testing, I’m not sure if that even would have prevented this specific scenario, but it seems like one we should prevent in the future, somehow.
--
Andrew Hoyos
[log in to unmask]
|