Print

Print


Noction does their installs themselves normally so arguably none of their
settings are default and are subject to the specific build of software they
initially install and how their engineer lays down the base config.

RE: The specific instance referenced in the article was the result of
several companies failing to follow best practice with regard to their
network management from what I recall and noction just amplified the issue.
The article above is glazing over a lot of details.

On Wed, Sep 18, 2019, 5:22 PM Andrew Hoyos <[log in to unmask]> wrote:

> Folks using route-optimizer things like Noction and such *SHOULD* be
> setting no-export on any prefixes it generates...
> As we’ve seen in history over the last years, that doesn’t always happen.
> I think they recently (last-year ish?) made that a default, instead of a
> manual setting.
>
>
> On Sep 18, 2019, at 5:14 PM, Brandon Mulligan <[log in to unmask]> wrote:
>
> David,
>
> Do the MICE route servers not have explicit route filters on each BGP
> session? If you can't trust a network to advertise only their IPs then how
> can you trust them to attach a community to their "optimized routes"?
>
> Also, Could one simply use 0:53679 on their "optimized routes" to achieve
> the same effect?
>
> Thanks.
> On 9/18/2019 4:43 PM, David Farmer wrote:
>
> I found an interesting article in my LinkedIn feed last night on BGP
> Optimizers;
>
>
> https://www.itnews.com.au/news/bgp-optimisers-seem-a-good-idea-until-they-bring-down-the-internet-530928
> ?
>
> I'd be interesting if anyone in the MICE community is using a BGP
> Optimizer? Especially one that generates more specific prefixes in BGP.
>
> I don't want to expose anyone to ridicule, so please don't go there if
> anyone fesses up, even in jest, this needs to be treated seriously.
>
> However, if anyone is using a BGP Optimizer, especially one generating
> more specific prefixes, I think it would behoove the MICE community to put
> in extra defenses against propagating these more specific prefixes through
> the exchange and out to the Internet in general or even our own downstream
> customers.
>
> For example we could create a MICE-DROP BGP Community that we can tag any
> routes that should be dropped if they are (accidentally) announced to the
> MICE route server or to other MICE peers, such as these more specific
> routes created by a BGP Optimizer. Basically we would each add something to
> our routing policy, and on the MICE route servers too, looking for that BGP
> Community and immediately dropping any routes tag with it.
>
> Also, if anyone is using a BGP Optimizer in our community that would be a
> very good reason to accelerate IRR based router filtering for our exchange.
>
> Thanks.
> --
> ===============================================
> David Farmer               Email:[log in to unmask]
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
>
> ------------------------------
>
> To unsubscribe from the MICE-DISCUSS list, click the following link:
> http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
>
> --
> Brandon Mulligan
> Kansas City Internet eXchangehttp://kcix.net
>
>
> ------------------------------
>
> To unsubscribe from the MICE-DISCUSS list, click the following link:
> http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
>
>
>
> ------------------------------
>
> To unsubscribe from the MICE-DISCUSS list, click the following link:
> http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
>