Re: Max Prefix Out, was Re: Verizon 701 Route leak?

> well, I was thinking that you can survey your customers to know their > approximate inbound number, you can implement a max-prefix in from them > with that (ideally you're already doing that). > > You can figure out the output from you as well in a similar fashion. > > In either case you're not

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

> On Sep 2, 2017, at 12:41 PM, Job Snijders wrote: > > Coloclue (AS 8283): > >For every peering partner, data is fetched from the PeeringDB API >and the fields visible here https://www.peeringdb.com/asn/2914 as >'IPv4 Prefixes' and 'IPv6 Prefixes' are used as input into the >rout

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

On Sat, Sep 02, 2017 at 12:08:41PM -0400, Christopher Morrow wrote: > > I think you'll find that some of your peers will make an educated > > guess and set an inbound limit anyway. Actively requesting that no > > limit is applied may make one part of a fringe minority. > > This is a quick survey o

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

(from earlier randy) > you just assumed that the transitive closure of everybody's cones > implement and propagate count. ain't gonna happen. well, I was thinking that you can survey your customers to know their approximate inbound number, you can implement a max-prefix in from them with that (id

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

On Sat, Sep 02, 2017 at 04:27:03PM +0900, Randy Bush wrote: > > I am not sure what the issue here is. If I can tell my peering > > partner a recommended maximum prefix value for them to set on their > > side, surely I can configure that same value on my side as the upper > > outbound limit. > > wh

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

> i have 142 largish bgp customers, a large enough number that the > number of prefixes i receive from them varies annoyingly. how do > i reasonably automate setting of my outbound prefix limit? First, it seems you know the inbound so automating the outbound is simple ar

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

On Sat, 2 Sep 2017 at 05:41, Randy Bush wrote: > >>> i have 142 largish bgp customers, a large enough number that the number > >>> of prefixes i receive from them varies annoyingly. how do i reasonably > >>> automate setting of my outbound prefix limit? > >> > >> First, it seems you know the inb

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

>>> i have 142 largish bgp customers, a large enough number that the number >>> of prefixes i receive from them varies annoyingly. how do i reasonably >>> automate setting of my outbound prefix limit? >> >> First, it seems you know the inbound so automating the outbound is simple >> arithmetic. >

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

On Fri, Sep 1, 2017 at 7:56 AM, Patrick W. Gilmore wrote: > On Sep 1, 2017, at 5:26 AM, Randy Bush wrote: > > > > i have 142 largish bgp customers, a large enough number that the number > > of prefixes i receive from them varies annoyingly. how do i reasonably > > automate setting of my outboun

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

On Sep 1, 2017, at 5:26 AM, Randy Bush wrote: > > i have 142 largish bgp customers, a large enough number that the number > of prefixes i receive from them varies annoyingly. how do i reasonably > automate setting of my outbound prefix limit? First, it seems you know the inbound so automating t

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

i have 142 largish bgp customers, a large enough number that the number of prefixes i receive from them varies annoyingly. how do i reasonably automate setting of my outbound prefix limit? randy

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

I guess you're looking into something similar to https://tools.ietf.org/html/draft-keyur-idr-bgp-prefix-limit-orf. -- Tassos Jörg Kost wrote on 31/8/17 13:50: > > > What about adding an option to the BGP session that A & B do agree on a fixed > number of prefixes in both directions, so Bs prefi

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

On Thu, Aug 31, 2017 at 11:24 AM, Leo Bicknell wrote: > In a message written on Thu, Aug 31, 2017 at 12:50:58PM +0200, J??rg Kost > wrote: > > What about adding an option to the BGP session that A & B do agree on a > > fixed number of prefixes in both directions, so Bs prefix-in could be As > > p

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

In a message written on Thu, Aug 31, 2017 at 12:50:58PM +0200, J??rg Kost wrote: > What about adding an option to the BGP session that A & B do agree on a > fixed number of prefixes in both directions, so Bs prefix-in could be As > prefix-out automatically? As others have pointed out, that's har

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

I think what this is is just a new (potentially) knob that can be turned. If you don't want to turn it that's your deal, you run your network how you want. There's been no suggestion that there be some explicit default value or even that its turned on by default so behavior won't change unless conf

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

Hi, but in reality you will factorise and summarize outbound and inbound numbers, create spare room for sessions and failover scenarios and therefore leaks and especially partial leaks can still occur. In another example scenario the BGP process may not only shutdown the session to B, that h

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

Dear Jörg, On Thu, Aug 31, 2017 at 12:50:58PM +0200, Jörg Kost wrote: > but isn't peer A prefix-out a synonym for peer B prefix-in, that will > lead to the same result, e.g. a BGP teardown? > > I just feel that this will add another factor, that people will not > use or abuse: neigh $x max-out in

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

Hi, but isn't peer A prefix-out a synonym for peer B prefix-in, that will lead to the same result, e.g. a BGP teardown? I just feel that this will add another factor, that people will not use or abuse: neigh $x max-out infinite What about adding an option to the BGP session that A & B do ag

Re: Max Prefix Out, was Re: Verizon 701 Route leak?

What a terrific idea..., simple & useful El 29/8/17 a las 1:41 p.m., Michael Still escribió: > I agree a max-prefix outbound could potentially be useful and would > hopefully not be too terribly difficult to implement for most vendors. > > Perhaps RFC4486 would need to be updated to reflect this

Re: Verizon 701 Route leak?

Good use-case for https://datatracker.ietf.org/doc/draft-ietf-grow-bmp-adj-rib-out and snapshot auditing before and after changes. Leak didn't last long but it could have been caught within milliseconds verses minutes via oh sh** alarms. --Tim On 8/29/17, 6:46 PM, "NANOG on behalf of Randy Bus

Re: Verizon 701 Route leak?

> Good use-case for > https://datatracker.ietf.org/doc/draft-ietf-grow-bmp-adj-rib-out and > snapshot auditing before and after changes. Leak didn't last long but > it could have been caught within milliseconds verses minutes via oh > sh** alarms. [ i happen to like bmp, but ... ] if the sender d

Re: Verizon 701 Route leak?

>> Damn you Google.. yup. Thanks for links. > A public post-mortem would be highly appreciated (from all parties). there has been more press hysteria on this than actual packet droppage. goog fat fingered or otherwise misannounced a numer of large consumer isp's prefixes. the leak was for aybe

Max Prefix Out, was Re: Verizon 701 Route leak?

I agree a max-prefix outbound could potentially be useful and would hopefully not be too terribly difficult to implement for most vendors. Perhaps RFC4486 would need to be updated to reflect this as a possibility as well? On Mon, Aug 28, 2017 at 5:41 PM, Julien Goodwin wrote: > On 28/08/17 18:

RE: Verizon 701 Route leak?

On Mon, 28 Aug 2017, Marcus Josephson wrote: Damn you Google.. yup. Thanks for links. A public post-mortem would be highly appreciated (from all parties). -- Mikael Abrahamssonemail: swm...@swm.pp.se

Re: Verizon 701 Route leak?

On 28/08/17 18:34, Job Snijders wrote: > Finally, it may be worthwhile exploring if we can standardize and > promote maximum prefix limits applied on the the _sending_ side. This > way you protect your neighbor (and the Internet at large) by > self-destructing when you inadvertently announce more t

Re: Verizon 701 Route leak?

On Mon, Aug 28, 2017 at 03:48:44PM +, someone wrote: > Damn you Google.. yup. I am not sure it is fair to say "damn you Google", because accidents happen (be it through human error or software defects). All of us have entered commands at some point and subsequently https://media.giphy.com/medi

RE: Verizon 701 Route leak?

Damn you Google.. yup. Thanks for links. -Marcus From: Youssef Bengelloun-Zahr [mailto:benge...@gmail.com] Sent: Monday, August 28, 2017 11:47 AM To: Marcus Josephson Cc: nanog@nanog.org Subject: Re: Verizon 701 Route leak? Hello, Do you mean this one ? https://dyn.com/blog/large-bgp-leak

Re: Verizon 701 Route leak?

Hello, Do you mean this one ? https://dyn.com/blog/large-bgp-leak-by-google-disrupts-internet-in-japan/ https://bgpmon.net/bgp-leak-causing-internet-outages-in-japan-and-beyond/ https://mobile.twitter.com/bgpmon/status/901565301048803329 Best regards. > Le 25 août 2017 à 08:58, Marcus Josep

Verizon 701 Route leak?

Anyone from Verizon want to comment on a possible route leak on the 25th 10:30 PM EDT? Saw route table jump up to 737629 routes last night from 701. Marcus Josephson mjoseph...@inap.com * www.inap.com INAP (r) connectivity | colocation | manage