On Fri, Dec 08, 2017 at 06:03:21PM -0600, Andrew Hoyos wrote:
>The more important question - why didn’t the route servers drop that? I’d assume there should be inbound filters to drop bogons+default+$otherbadstuff.
They do have filters for bogons + default route.
I suspect bad AS attribute processing is part of what made it get leaked onwards.
The BIRD servers were logging that as well during this period.
>On a larger scale, this sort of thing begs the question - do we need to have folks in some sort of isolated VLAN with test sessions to the route servers upon turnup? SIX does this, as well as others, I suspect to prevent these exact issues from happening.
Possibly.
--
Doug McIntyre <[log in to unmask]>
~.~ ipHouse ~.~
Network Engineer/Provisioning/Jack of all Trades
|