
Two general schools of thought here:

a.) carry the MICE prefix in your IGP (OSPF, ISIS, etc) - not BGP, if you need it to recurse next hops. While this is the ‘easy button’, it has the unintended impact of allowing things on your network to directly target MICE IPs, which should be avoided - the only things we want talking directly to MICE IPs are other BGP speaking routers to establish BGP sessions.

b.) set next-hop-self on your sessions on your IXP-facing router, so the next hop is rewritten to the router itself towards the rest of your network. That way, you don’t need to carry the IX prefix in your IGP at all.


> On Mar 30, 2020, at 5:56 PM, Abhi Devireddy <[log in to unmask]> wrote:
> 
> And you would be right... I needed a downstream device to have that route.
> It's been fixed now. Sorry for the extraneous alert.
> 
> I'll check that on our other session (AS3789) as well.
> 
> Abhi
> From: MICE Discuss <[log in to unmask]> on behalf of Andrew Hoyos <[log in to unmask]>
> Sent: Monday, March 30, 2020 5:52 PM
> To: [log in to unmask] <[log in to unmask]>
> Subject: Re: [MICE-DISCUSS] BGP alerts about AS 53740 (OPTBIT)
>  
> One of the most common reasons we see this is from ‘redist connected’ without any sanity check or prefix filter. 
> 
>> On Mar 30, 2020, at 5:49 PM, Jeremy Lumby <[log in to unmask] > wrote:
>> 
>> Abhi,
>>  
>> It is not as much a question about filtering prefixes; it is more a question of why your network would originate 206.108.255.0/24.
>>  
>> Jeremy Lumby
>> Minnesota VoIP
>> 9217 17th Ave S #216
>> Bloomington, MN 55425
>> M: 612-355-7740
>> D: 612-392-6814
>> F: 952-873-7425
>> [log in to unmask] 
>>  
>>  
>>  
>> From: MICE Discuss [mailto:[log in to unmask] ] On Behalf Of Abhi Devireddy
>> Sent: Monday, March 30, 2020 5:29 PM
>> To: [log in to unmask] 
>> Subject: Re: [MICE-DISCUSS] BGP alerts about AS 53740 (OPTBIT)
>>  
>> Frank,
>> That's really interesting. I'm sending QRator an unfiltered BGP feed and that might be triggering the error(?).
>> I'll try to filter my feed to QRator to deny the MICE prefix and see if that fixes it.
>>  
>> Open to suggestions as well.
>> Abhi
>> From: MICE Discuss <[log in to unmask] > on behalf of Frank Bulk <[log in to unmask] >
>> Sent: Monday, March 30, 2020 5:11 PM
>> To: [log in to unmask]  <[log in to unmask] >
>> Subject: [MICE-DISCUSS] BGP alerts about AS 53740 (OPTBIT)
>>  
>> Curious if anyone can make sense of this alert from QRator.  Are they suggesting OPTBIT is advertising MICE’s /24?
>>  
>> I’ve seen this come and go since Sunday night at 10:09 pm Central.
>>  
>> Frank 
>>  
>> From: Radar by Qrator <[log in to unmask] > 
>> Sent: Monday, March 30, 2020 2:49 AM
>> 
>> Subject: [BGP ALERT] [HIGH]  Created Hijacks
>>  
>> Time: 30.03.2020 07:42:00 UTC
>> Created Hijacks 
>> New IPv4 incidents: 
>> Target Prefix: 206.108.255.0/24
>> Target ASN: 18883 (FIBERNET-NETWORK-OPERATIONS-CENTER)
>> Affected prefix: 206.108.255.0/24
>> Affected ASN: 53740 (OPTBIT)
>> Severity: High
>> Propagation: 1
>> AS Names involved in the incident:
>> AS18883 (FIBERNET-NETWORK-OPERATIONS-CENTER),  AS53740 (OPTBIT) 
>> Active IPv4 incident count: 16
>> Radar by Qrator 
>>  
>> To unsubscribe from the MICE-DISCUSS list, click the following link:
>> http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 
>>  
> 
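
The thread traces the alert to 'redist connected' running without a prefix filter, which let the IX peering LAN into an exported feed. As an added example (not part of the original messages), here is a pre-export check in Python that flags any route equal to or more specific than the IX LAN; the feed format, function names and ASNs are assumptions, and only 206.108.255.0/24 comes from the thread.

```python
import ipaddress

# IX peering LAN as named in the thread.
IX_PEERING_LANS = ["206.108.255.0/24"]

# Constructed sample export feed: "<prefix> <as_path...>", documentation ASNs.
SAMPLE_EXPORT_FEED = """\
# prefix            as_path
198.51.100.0/24     64500
203.0.113.0/24      64500 64501
206.108.255.0/24    64500
206.108.255.128/25  64500
0.0.0.0/0           64500
2001:db8::/32       64500
not-a-prefix        64500
"""

def parse_feed(text):
    """Return (routes, errors); malformed lines are reported, not silently dropped."""
    routes, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            net = ipaddress.ip_network(fields[0], strict=True)
            as_path = [int(asn) for asn in fields[1:]]
        except ValueError as exc:
            errors.append((lineno, fields[0], str(exc)))
            continue
        routes.append((net, as_path))
    return routes, errors

def ix_lan_leaks(routes, ix_lans=IX_PEERING_LANS):
    """Return routes that are the IX LAN itself or a more-specific inside it."""
    lans = [ipaddress.ip_network(lan) for lan in ix_lans]
    leaks = []
    for net, as_path in routes:
        for lan in lans:
            # subnet_of() raises TypeError across IP versions, so check version first.
            if net.version == lan.version and net.subnet_of(lan):
                leaks.append((net, lan, as_path))
    return leaks

if __name__ == "__main__":
    routes, errors = parse_feed(SAMPLE_EXPORT_FEED)
    for net, lan, as_path in ix_lan_leaks(routes):
        print(f"LEAK: {net} falls inside IX LAN {lan}, as_path={as_path}")
    for lineno, token, msg in errors:
        print(f"line {lineno}: could not parse {token!r}: {msg}")
```

A covering route such as 0.0.0.0/0 is deliberately not flagged, since only the IX LAN and its more-specifics should be denied on export.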