On 17/05/2008, at 5:53 PM, Matthew Moyle-Croft wrote:

> Nathan Ward wrote:
>> If the foreign AS really wants to send you routes that way, they
>> can do it regardless of how you stop your advertisements being
>> accepted by/reaching them. We're hardly talking high security here.
>>
>> ip route <prefix> <netmask> 1.1.1.1 works a treat.
>>
> I'm not quite sure of your point Nathan. That'd stop connectivity
> which isn't usually the point - especially if the issue is point (2)
> below.
If a foreign AS wants to work around things put in place by you/others so they don't get your prefixes (be it ASPATH poisoning, route filtering by the MLPA route-server operator, etc.) they can do so easily by putting a static route into their equipment. My point is that none of these techniques are bulletproof.

I think I meant to say "packets" where I said "routes" where you quoted me above, also, that ip route blah was something that the foreign AS would stuff into their router.

I hope that's a bit more clear.

> MLPAs are disliked for two main reasons that I've been able to
> discern.

I'm not debating for/against MLPAs, that doesn't really go anywhere productive. I'm giving info that some people might find useful if they've got a network condition they need to work around with a dirty hack.

--
Nathan Ward