David,
Do the MICE route servers not have explicit route filters on each BGP session? If you can't trust a network to advertise only their IPs then how can you trust them to attach a community to their "optimized routes"?
Also, Could one simply use 0:53679 on their "optimized routes" to achieve the same effect?
Thanks.
On 9/18/2019 4:43 PM, David Farmer wrote:
> I found an interesting article in my LinkedIn feed last night on BGP Optimizers;
>
> https://www.itnews.com.au/news/bgp-optimisers-seem-a-good-idea-until-they-bring-down-the-internet-530928?
>
> I'd be interesting if anyone in the MICE community is using a BGP Optimizer? Especially one that generates more specific prefixes in BGP.
>
> I don't want to expose anyone to ridicule, so please don't go there if anyone fesses up, even in jest, this needs to be treated seriously.
>
> However, if anyone is using a BGP Optimizer, especially one generating more specific prefixes, I think it would behoove the MICE community to put in extra defenses against propagating these more specific prefixes through the exchange and out to the Internet in general or even our own downstream customers.
>
> For example we could create a MICE-DROP BGP Community that we can tag any routes that should be dropped if they are (accidentally) announced to the MICE route server or to other MICE peers, such as these more specific routes created by a BGP Optimizer. Basically we would each add something to our routing policy, and on the MICE route servers too, looking for that BGP Community and immediately dropping any routes tag with it.
>
> Also, if anyone is using a BGP Optimizer in our community that would be a very good reason to accelerate IRR based router filtering for our exchange.
>
> Thanks.
> --
> ===============================================
> David Farmer Email:[log in to unmask]
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE Phone: 612-626-0815
> Minneapolis, MN 55414-3029 Cell: 612-812-9952
> ===============================================
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> To unsubscribe from the MICE-DISCUSS list, click the following link:
> http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
>
--
Brandon Mulligan
Kansas City Internet eXchange
http://kcix.net
