Print

Print


Noction does their installs themselves normally so arguably none of their settings are default and are subject to the specific build of software they initially install and how their engineer lays down the base config.

RE: The specific instance referenced in the article was the result of several companies failing to follow best practice with regard to their network management from what I recall and noction just amplified the issue. The article above is glazing over a lot of details.

On Wed, Sep 18, 2019, 5:22 PM Andrew Hoyos <[log in to unmask]> wrote:
Folks using route-optimizer things like Noction and such *SHOULD* be setting no-export on any prefixes it generates...
As we’ve seen in history over the last years, that doesn’t always happen. 
I think they recently (last-year ish?) made that a default, instead of a manual setting.


On Sep 18, 2019, at 5:14 PM, Brandon Mulligan <[log in to unmask]> wrote:

David,

Do the MICE route servers not have explicit route filters on each BGP session? If you can't trust a network to advertise only their IPs then how can you trust them to attach a community to their "optimized routes"?

Also, Could one simply use 0:53679 on their "optimized routes" to achieve the same effect?

Thanks.

On 9/18/2019 4:43 PM, David Farmer wrote:
I found an interesting article in my LinkedIn feed last night on BGP Optimizers;


I'd be interesting if anyone in the MICE community is using a BGP Optimizer? Especially one that generates more specific prefixes in BGP. 

I don't want to expose anyone to ridicule, so please don't go there if anyone fesses up, even in jest, this needs to be treated seriously.

However, if anyone is using a BGP Optimizer, especially one generating more specific prefixes, I think it would behoove the MICE community to put in extra defenses against propagating these more specific prefixes through the exchange and out to the Internet in general or even our own downstream customers.

For example we could create a MICE-DROP BGP Community that we can tag any routes that should be dropped if they are (accidentally) announced to the MICE route server or to other MICE peers, such as these more specific routes created by a BGP Optimizer. Basically we would each add something to our routing policy, and on the MICE route servers too, looking for that BGP Community and immediately dropping any routes tag with it. 

Also, if anyone is using a BGP Optimizer in our community that would be a very good reason to accelerate IRR based router filtering for our exchange.

Thanks.
--
===============================================
David Farmer               Email:[log in to unmask]
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota  
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================


To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1

-- 
Brandon Mulligan
Kansas City Internet eXchange
http://kcix.net


To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1




To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1



To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1