Re: BGP Optimizers (Was: Validating possible BGP MITM attack)

2018-05-21 Thread Francois Devienne
Hi Job, I believe your disclaimer makes a lot of sense. From our perspective using more specifics is one of the options to make BGP follow the optimized path instead of the « natural » path. We used to be doing more specifics because with the same prefix being announced, we were simply not ge

Re: BGP Optimizers (Was: Validating possible BGP MITM attack)

2018-05-17 Thread Job Snijders
Dear Francois, On Thu, May 17, 2018 at 10:14:19AM +, Francois Devienne wrote: > The examples you mention confirm the issues are mainly due to poorly > configured networks where routes are leaked out although they > shouldn’t be. Adequate routers are able to filter out prefixes based > on attri

Re: BGP Optimizers (Was: Validating possible BGP MITM attack)

2017-09-14 Thread Colin Petrie
On 31/08/17 22:06, Job Snijders wrote:> I strongly recommend to turn off those BGP optimizers, glue the ports > shut, burn the hardware, and salt the grounds on which the BGP optimizer > sales people walked. Yes. > p.s. providing a publicly available BGP looking glasses will contribute > to provi

Re: BGP Optimizers (Was: Validating possible BGP MITM attack)

2017-09-01 Thread Tom Paseka via NANOG
We regularly see poorly configured "optimizers" or networks hijacking our prefixes (originating /25's, /24 of /23's etc). Thankfully, most of the time filters are in place to stop them leaking badly, but I agree, these are toxic. -Tom On Fri, Sep 1, 2017 at 6:06 AM, Job Snijders wrote: > Dear

Re: BGP Optimizers

2017-09-01 Thread Bjørn Mork
Job Snijders writes: > Using a BGP > optimizer is essentially trading a degree of risk to society for the > purpose of saving a few bucks or milliseconds. It is basically saying: > "The optimizer helps me, but may hurt others, and I am fine with that". People drive SUVs. Bjørn

Re: BGP Optimizers (Was: Validating possible BGP MITM attack)

2017-08-31 Thread Large Hadron Collider
d instead of on NANOG. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Mike Hammett" Cc: nanog@nanog.org Sent: Thursday, August 31, 2017 9:02:07 PM Subject: Re: BGP Optimizers (Was: Val

Re: BGP Optimizers (Was: Validating possible BGP MITM attack)

2017-08-31 Thread Mike Hammett
Midwest-IX http://www.midwest-ix.com - Original Message - From: "Mike Hammett" Cc: nanog@nanog.org Sent: Thursday, August 31, 2017 9:02:07 PM Subject: Re: BGP Optimizers (Was: Validating possible BGP MITM attack) Actually, I do remember that one of them would optimize

Re: BGP Optimizers (Was: Validating possible BGP MITM attack)

2017-08-31 Thread Mike Hammett
http://www.midwest-ix.com - Original Message - From: "Mike Hammett" Cc: nanog@nanog.org Sent: Thursday, August 31, 2017 8:55:46 PM Subject: Re: BGP Optimizers (Was: Validating possible BGP MITM attack) I would like to use a BGP optimizer, but I'm too poor. :-\ Th

Re: BGP Optimizers (Was: Validating possible BGP MITM attack)

2017-08-31 Thread Mike Hammett
I would like to use a BGP optimizer, but I'm too poor. :-\ That said, I'm also an eyeball network, so modifications of my own advertisements are what affects the desired traffic, not so much the outbound routes. I know the BGP optimization industry is weighted towards content networks. --