On 10/Nov/15 15:55, James Bensley wrote:
> No, prefix filters are the end goal...
Not always.
In some cases, using other methods to identify prefixes for filtering -
other than prefix lists - can be desirable.
> if you want to filter certain
> prefixes from certain peers. AS_PATH filters are
On 4 November 2015 at 16:23, Paul Thornton wrote:
> Your reasoning seems to be something like this: "I use AS 65530 internally,
> therefore I never want to see 65530 in the AS path". Whilst I can see where
> you're coming from, it doesn't [or more accurately, it shouldn't] hurt you
> if I (say) a
On 4 November 2015 at 11:16, Mark Tinka wrote:
>
>
> On 4/Nov/15 10:42, James Bensley wrote:
>
>
> Are you suggesting that people shouldn't filter as-paths? Presumably you
> wouldn't be that stupid so I'll assume not,...
>
>
> Well, the end goal is filtering of prefixes.
No, prefix filters are th
Hi Lads,
I used to filter based on AS paths and reject any prefix that had private
or reserved AS numbers in the AS path. I have to say that my experience is
that on software routers such as Mikrotik, even on fast x86 processor-based
routers, it increased convergence times by up to 5x in some
> On 4 Nov 2015, at 16:23, Paul Thornton wrote:
>
> However, it *does* hurt you if I send you one of your own prefixes, or a more
> specific of one of your own prefixes. This is the golden rule of "In
> general, don't accept any part of your own space from a peer or transit
> provider" to av
On 04/11/2015 08:42, James Bensley wrote:
On 31 Oct 2015 13:17, "Neil J. McRae" <n...@domino.org> wrote:
>
> +1 - you can filter ASes but someone can still send a crazy as path
> with valid ASes and cause you chaos.
>
> Neil.
>
> Sent from my iPad
Are you suggesting that people shoul
Sent from my iPhone
On 4 Nov 2015, at 08:43, James Bensley <jwbens...@gmail.com> wrote:
On 31 Oct 2015 13:17, "Neil J. McRae" <n...@domino.org> wrote:
>
> +1 - you can filter ASes but someone can still send a crazy as path with
> valid ASes and cause you chaos.
>
> Neil.
>
> S
On 04/11/15 11:00, James Bensley wrote:
I don't want any prefixes coming in to my network with the ASNs I specified
in my origin email from outside of my network, because those ASNs are in use
internally.
Protip: communities.
--
Tom
:: www.portfast.co.uk / @portfast
:: hosted services, domains
On 04/11/2015 11:00, James Bensley wrote:
Unless anyone can give a compelling reason as to why I should see those
private and reserved ASNs in the global table, please let me know.
You can't filter out ASNs; you can only filter out the prefixes which
carry those ASNs as attributes.
So what yo
On 4/Nov/15 10:42, James Bensley wrote:
>
> Are you suggesting that people shouldn't filter as-paths? Presumably
> you wouldn't be that stupid so I'll assume not,...
>
Well, the end goal is filtering of prefixes.
AS_PATH filters, like BGP communities, are just a way to identify those
prefixes
On 31 Oct 2015 18:59, "Nick Hilliard" wrote:
>
> um, apologies for the tactlessness of this email, which didn't come out at
> all as intended, oops :-/
>
> -n
No problems. If I wasn't clear, I'm not saying prefixes and AS paths are
the same. See earlier post about being in mobile and multi-AS con
On 30 Oct 2015 18:27, "Nick Hilliard" wrote:
> TBH, I'd question the value of filtering weird asns. What matters is
> filtering out weird prefixes. If you filter out weird ASNs, all you're
> doing is chewing up the CPU on your RP.
>
> Nick
ASNs that shouldn't be in the global table and prefixes
On 31 Oct 2015 13:17, "Neil J. McRae" wrote:
>
> +1 - you can filter ASes but someone can still send a crazy as path with
> valid ASes and cause you chaos.
>
> Neil.
>
> Sent from my iPad
Are you suggesting that people shouldn't filter as-paths? Presumably you
wouldn't be that stupid so I'll assume
>
>If there's junk in the as path of one form or another - e.g. weird confed
>stuff, private intermediate ASNs, upstream monopoly providers doing strange
>things with customer ASNs, asn typos, as23456, etc - does this make a
>meaningful statement about the legitimacy of the prefix?
Obligatory m
James Bensley wrote:
[...]
> Also the ASN range 65552-131071 is reserved on the IANA page but no
> RFC or indication as to why or if it will be allocated later?
The plan is to allocate 32-bit blocks to RIRs as a continuous range. That's why
APNIC starts at 131072, RIPE NCC at 196608, LACNIC at
On 31/10/2015 08:19, James Bensley wrote:
> Six of one, half a dozen of the other
wait now, step back a sec.
On the internet, we care about reachability. Reachability is determined by
prefixes. So by inference we care about whether prefixes are legit or not,
for some definition of "legit".
The
+1 - you can filter ASes but someone can still send a crazy as path with valid
ASes and cause you chaos.
Neil.
Sent from my iPad
> On 30 Oct 2015, at 17:27, Nick Hilliard wrote:
>
>> On 30/10/2015 16:57, James Bensley wrote:
>> What do others have, what have I missed?
>
> the asn32 filter ca
On 30 Oct 2015 19:00, "Job Snijders" wrote:
>
> On Fri, Oct 30, 2015 at 06:31:35PM +0100, Job Snijders wrote:
> > On Fri, Oct 30, 2015 at 05:27:22PM +, Nick Hilliard wrote:
> > > On 30/10/2015 16:57, James Bensley wrote:
> > > > What do others have, what have I missed?
> > >
> > > the asn32 fi
On 30 Oct 2015 17:31, "Job Snijders" wrote:
>
> On Fri, Oct 30, 2015 at 05:27:22PM +, Nick Hilliard wrote:
> > On 30/10/2015 16:57, James Bensley wrote:
> > > What do others have, what have I missed?
> >
> > the asn32 filter can be written as "_42_", or perhaps "_42[0-9]{8}_"
> >
> > T
On 30 Oct 2015 17:27, "Nick Hilliard" wrote:
>
> On 30/10/2015 16:57, James Bensley wrote:
> > What do others have, what have I missed?
>
> the asn32 filter can be written as "_42_", or perhaps "_42[0-9]{8}_"
>
> TBH, I'd question the value of filtering weird asns. What matters is
> filte
On Fri, Oct 30, 2015 at 06:31:35PM +0100, Job Snijders wrote:
> On Fri, Oct 30, 2015 at 05:27:22PM +, Nick Hilliard wrote:
> > On 30/10/2015 16:57, James Bensley wrote:
> > > What do others have, what have I missed?
> >
> > the asn32 filter can be written as "_42_", or perhaps "_42[0-9
On Fri, Oct 30, 2015 at 05:27:22PM +, Nick Hilliard wrote:
> On 30/10/2015 16:57, James Bensley wrote:
> > What do others have, what have I missed?
>
> the asn32 filter can be written as "_42_", or perhaps "_42[0-9]{8}_"
>
> TBH, I'd question the value of filtering weird asns. What m
On 30/10/2015 16:57, James Bensley wrote:
> What do others have, what have I missed?
the asn32 filter can be written as "_42_", or perhaps "_42[0-9]{8}_"
TBH, I'd question the value of filtering weird asns. What matters is
filtering out weird prefixes. If you filter out weird ASNs, all
Howdy All,
Refreshing our edge AS path filters, but starting from scratch to tidy
them up. I'm just talking about generic AS path filtering, like
bogons, that one would apply more or less everywhere, not about
matching specific downstreams or upstreams etc.
What do others have, what have I missed