On Thu, Feb 23, 2012 at 1:57 AM, Randy Bush <ra...@psg.com> wrote: >>> and things when further downhill from there, when telstra also did not >>> filter what they announced to their peers, and the peers went over >>> prefix limits and dropped bgp. >> Oh! so protections worked! > > imiho, prefix count is too big a hammer.
sure. aspath-filter! :) > it would have been better if optus had irr-based filters in place on > peerings with telstra. then they would not have dropped the sessions > and their customers could still reach telstra customers. really, both parties need/should-have filters, right? both parties should have their 'irr data' up-to-date... both parties should also filter outbound prefixes (so they don't leak internals, or ...etc) telstra seems to have ~8880 or so prefixes registered in IRRs (via radb whois lookup) optus has ~1217 or so prefixes registered in IRRs (again via the same lookup to radb) > of course, if telstra did not publish accurately in an irr instance, > not much optus could do. it's not clear how accurate the data is :( I do see one example that's not telstra (and which I don't see through telstra from one host I tested from) 203.59.57.0/24 a REACH customer, supposedly, registered by REACH on the behalf of the customer... the whole /16 there is allocated to the same entity not REACH though, so that's a tad confusing. -chris
