Well we can't necessarily trust them to attach the BGP Community or filter properly, this is why if there are people using BGP Optimizers, I would want us to accelerate IRR filtering for MICE, but even that isn't perfect.

However, the idea around a MICE-DROP BGP Community is to develop a robust approach, belt and suspenders so to speak. For example, let's say they are filtering but they make a mistake editing their filter, or they load new code on their router and a bug allows routes to leak. If in a different part of their configuration, or maybe on the BGP Optimizer itself, they set the MICE-DROP community, then their mistake or bug still won't propagate through MICE, because the other MICE participants or the MICE route servers would know to drop the routes with that tag anyway. It's also why we all need to enforce max prefix counts on our peers and on peers to the route servers, it helps catch the unexpected mistake or bug.

Robust systems have multiple layers of protection. The brake system on your car probably has power assist of some kind, but your brakes are designed to work even if the power assist fails, you still have manual, unassisted, hydraulics through the brake pedal, and if the hydraulic system completely fails, you have an emergency brake with a cable attached to a lever that you can use to engage the brakes.

Something like a MICE-DROP BGP Community allows responsible peers to implement robust filtering of their routes, where even if something fails on their side, maybe something on our side can catch the failure and prevent it being propagated.

Thanks.

On Wed, Sep 18, 2019 at 5:14 PM Brandon Mulligan <[log in to unmask]> wrote:

David,

Do the MICE route servers not have explicit route filters on each BGP session? If you can't trust a network to advertise only their IPs then how can you trust them to attach a community to their "optimized routes"?

Also, could one simply use 0:53679 on their "optimized routes" to achieve the same effect?

Thanks.

On 9/18/2019 4:43 PM, David Farmer wrote:
I found an interesting article in my LinkedIn feed last night on BGP Optimizers;


I'd be interested if anyone in the MICE community is using a BGP Optimizer? Especially one that generates more specific prefixes in BGP.

I don't want to expose anyone to ridicule, so please don't go there if anyone fesses up, even in jest, this needs to be treated seriously.

However, if anyone is using a BGP Optimizer, especially one generating more specific prefixes, I think it would behoove the MICE community to put in extra defenses against propagating these more specific prefixes through the exchange and out to the Internet in general or even our own downstream customers.

For example we could create a MICE-DROP BGP Community that we can tag any routes that should be dropped if they are (accidentally) announced to the MICE route server or to other MICE peers, such as these more specific routes created by a BGP Optimizer. Basically we would each add something to our routing policy, and on the MICE route servers too, looking for that BGP Community and immediately dropping any routes tagged with it.

Also, if anyone is using a BGP Optimizer in our community that would be a very good reason to accelerate IRR based router filtering for our exchange.

Thanks.
--
===============================================
David Farmer               Email:[log in to unmask]
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota  
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================


To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1

-- 
Brandon Mulligan
Kansas City Internet eXchange
http://kcix.net





--
===============================================
David Farmer               Email:[log in to unmask]
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota  
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
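
The layered import policy discussed in this thread (prefix filter, drop community, max-prefix limit), as an added sketch that is not from any message above or from MICE's configuration. The community value, the function names and the documentation prefixes are constructed placeholders; the thread assigns no value to MICE-DROP.

```python
import ipaddress

# Placeholder: the thread proposes a MICE-DROP community but assigns no value.
MICE_DROP = (64496, 666)  # 64496 is a documentation ASN (RFC 5398)

def prefix_ok(prefix, allowed):
    """IRR-style prefix filter: allowed is a list of (network, max_len)."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(a) and net.prefixlen <= max_len
               for a, max_len in allowed)

def import_routes(routes, allowed, max_prefixes, honor_drop=True):
    """Apply each layer to a peer's announcements.

    Returns (accepted_prefixes, session_up).
    """
    accepted = []
    for prefix, communities in routes:
        if honor_drop and MICE_DROP in communities:
            continue  # sender marked this route as must-not-propagate
        if not prefix_ok(prefix, allowed):
            continue  # rejected by the per-session prefix filter
        accepted.append(prefix)
        if len(accepted) > max_prefixes:
            return [], False  # max-prefix limit tears the session down
    return accepted, True

# Constructed sample: one aggregate plus two optimizer-style more-specifics
# that the sender tagged with the drop community.
ROUTES = [
    ("198.51.100.0/24", set()),
    ("198.51.100.0/25", {MICE_DROP}),
    ("198.51.100.128/25", {MICE_DROP}),
]
AGG = ipaddress.ip_network("198.51.100.0/24")
GOOD_FILTER = [(AGG, 24)]    # exact aggregate only
BROKEN_FILTER = [(AGG, 32)]  # mis-edited: now admits any more-specific

if __name__ == "__main__":
    print("broken filter, tag ignored:",
          import_routes(ROUTES, BROKEN_FILTER, 10, honor_drop=False))
    print("broken filter, tag honored:",
          import_routes(ROUTES, BROKEN_FILTER, 10))
```

With the mis-edited filter and the tag ignored, all three routes are accepted; honoring the tag leaves only the aggregate, and an untagged leak is caught only when it exceeds the max-prefix limit.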

