It's time for secure route servers. Job sent out a list of IXPs and quite a few of them are already doing RPKI or IRR filtering.

On Dec 8, 2017 11:06 PM, "Richard Laager" <[log in to unmask]> wrote:

> Zero length is a subset of “doesn’t start with their AS”, so if we filter
> on that condition, hopefully we will catch that too.
>
> --
> Richard
>
> > On Dec 8, 2017, at 23:04, Frank Bulk <[log in to unmask]> wrote:
> >
> > If the issue was that the AS PATH was zero length, can BIRD filter those out?
> >
> > Frank
> >
> > -----Original Message-----
> > From: MICE Discuss [mailto:[log in to unmask]] On Behalf Of Doug McIntyre
> > Sent: Friday, December 8, 2017 6:15 PM
> > To: [log in to unmask]
> > Subject: Re: [MICE-DISCUSS] Attribute Length Error today
> >
> >> On Fri, Dec 08, 2017 at 06:03:21PM -0600, Andrew Hoyos wrote:
> >> The more important question - why didn’t the route servers drop that? I’d assume there should be inbound filters to drop bogons+default+$otherbadstuff.
> >
> > They do have filters for bogons + default route.
> >
> > I suspect bad AS attribute processing is part of what made it get leaked onwards.
> > The BIRD servers were logging that as well during this period.
> >
> >> On a larger scale, this sort of thing begs the question - do we need to have folks in some sort of isolated VLAN with test sessions to the route servers upon turnup? SIX does this, as well as others, I suspect to prevent these exact issues from happening.
> >
> > Possibly.
> >
> > --
> > Doug McIntyre <[log in to unmask]>
> > ~.~ ipHouse ~.~
> > Network Engineer/Provisioning/Jack of all Trades
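The first-AS check discussed in this thread, written as a BIRD 1.x route-server import filter. This is an added example, not configuration from the thread or from MICE; the ASNs, addresses, router id and the names `rs_import_ok` and `member_64500` are constructed (documentation ranges), and BIRD 1.x syntax is assumed.

```bird
# Constructed example values: 64511 = route server AS, 64500 = member AS,
# 192.0.2.0/24 = documentation address range.
router id 192.0.2.1;

protocol device { }

# Returns true only when the AS_PATH begins with the AS of the peer
# that sent the route. peeras is passed in by each member's protocol block.
function rs_import_ok(int peeras)
{
  # Zero-length AS_PATH: per the thread this is a subset of the
  # "doesn't start with their AS" case below. Checking it first only
  # gives the log a distinct reason for the reject.
  if bgp_path.len = 0 then {
    print "reject empty AS_PATH: ", net, " from AS", peeras;
    return false;
  }

  # Leftmost AS must be the peer's own AS.
  if bgp_path.first != peeras then {
    print "reject first-AS mismatch: ", net, " path ", bgp_path,
          " from AS", peeras;
    return false;
  }

  return true;
}

protocol bgp member_64500 {
  local as 64511;
  neighbor 192.0.2.10 as 64500;
  rs client;
  # Applied on import, so a rejected route is never offered to other members.
  import where rs_import_ok(64500);
  export all;
}
```

An existing bogon and default-route filter would be combined with this function in the same import expression rather than replaced by it.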