 |
 |
On Dec 9, 2017, at 7:00 PM, Jason Hanke <[log in to unmask]> wrote: > > it's time for secure route servers. Job sent out a list of ixp and quite a few of them are already doing rpki or irr filtering. I second this. IXPmanager makes this easy. > >> On Dec 8, 2017 11:06 PM, "Richard Laager" <[log in to unmask]> wrote: >> Zero length is a subset of “doesn’t start with their AS”, so if we filter on that condition, hopefully we will catch that too. >> >> -- >> Richard >> >> > On Dec 8, 2017, at 23:04, Frank Bulk <[log in to unmask]> wrote: >> > >> > If the issue was that the AS PATH was zero length, can BIRD filter those out? >> > >> > Frank >> > >> > -----Original Message----- >> > From: MICE Discuss [mailto:[log in to unmask]] On Behalf Of Doug McIntyre >> > Sent: Friday, December 8, 2017 6:15 PM >> > To: [log in to unmask] >> > Subject: Re: [MICE-DISCUSS] Attribute Length Error today >> > >> >> On Fri, Dec 08, 2017 at 06:03:21PM -0600, Andrew Hoyos wrote: >> >> The more important question - why didn’t the route servers drop that? I’d assume there should be inbound filters to drop bogons+default+$otherbadstuff. >> > >> > They do have filters for bogons + default route. >> > >> > I suspect bad AS attribute processing is part of what made it get leaked onwards. >> > The BIRD servers were logging that as well during this period. >> > >> >> On a larger scale, this sort of thing begs the question - do we need to have folks in some sort of isolated VLAN with test sessions to the route servers upon turnup? SIX does this, as well as others, I suspect to prevent these exact issues from happening. >> > >> > Possibly. >> > >> > >> > -- >> > Doug McIntyre <[log in to unmask]> >> > ~.~ ipHouse ~.~ >> > Network Engineer/Provisioning/Jack of all Trades >> > > > To unsubscribe from the MICE-DISCUSS list, click the following link: > http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1