North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: Deaggregating for emergency purposes
- From: Derek Samford
- Date: Tue Aug 06 14:55:37 2002
You would think, after hearing about 30 people with clue+++
talk, you may realize that this is a patently *bad* thing and should not
be done. If your route's are being hijacked you can generally solve your
problems in 2-5 phone calls...That's all it's *ever* taken me.
1. Call their NOC.
2. If not helpful call their upstream.
3. Call a couple of Tier 1's who are transit for their upstream, and
have them filter it.
Done deal, in the time that you've managed to call your ISP and (maybe)
gotten about half the internet to reach you, you've solved the problem
for the whole net and have ZERO reachability concerns. This is my first
and last post to this ridiculous thread.
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of
Sent: Tuesday, August 06, 2002 2:44 PM
To: 'E.B. Dreger'; email@example.com
Subject: RE: Deaggregating for emergency purposes
So explain how this is superior to DNS entr(y|ies) stating who your
peers and upstreams are. And there's nothing to say that one could not
specify allowed filters in DNS, too.
If someone wants me to advertise 192.168.7/24, and DNS indicates the
proper netblock is 192.168.0/19 and their ASN is not origin or adjacent
hop, I'll be suspicious. What I do from there becomes a policy
question; I probably would contact the IP block owner to verify the
My way isn't superior at all to a secure BGP solution, but until that
exists, I need a choice.
I am definitely on the bandwagon for the need for a secure BGP.