Hi all, 

About the talk "BGP Origin ASN Validation" from Roque Gagliano at SwiNOG
#21: I talked with him afterwards and made the following remark:

Roque showed a route-map like this one:

route-map foo seq 10
 match invalid
 set local-preference 50
!
route-map foo seq 20
 match incomplete
 set local-preference 100
!
route-map foo seq 30
 match valid
 set local-preference 200
!

This will not fix the "youtube vs. Pakistan"-problem. 

For example, youtube announces a /22, signed, gets local-pref 200.
"Bad ISP" announces a /24 out of the /22, unsigned, gets local-pref 50,
BUT gets into my routing table!

I think it would be cool to have a system to prevent an *unsigned*
prefix, which is more specific than a *signed* prefix, from being accepted.

Maybe this could be done in IOS Code, for example with the configuration
option "do not allow an unsigned more specific prefix within a signed
prefix". 

This will allow us to configure the route-map as shown above and accept
invalid/incomplete prefixes.  But the accepted invalid/incomplete
prefixes are not more specific than a signed prefix.

If someone does know more, please comment.

Cheers,
    Tim
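
The scenario from the message above, as an added example that is not part of the original e-mail and not Cisco's or the speaker's code: a small model of route-map foo plus longest-prefix-match forwarding, with the proposed "no unsigned more specific" option as a switch. The prefixes, AS numbers, function names and the rule used to classify valid/invalid/incomplete are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data: private address space and documentation ASNs.
SIGNED = [(ipaddress.ip_network("10.10.0.0/22"), 64500)]  # signed prefix, origin AS
LOCAL_PREF = {"invalid": 50, "incomplete": 100, "valid": 200}  # route-map foo

def state(prefix, origin):
    """Assumed classification: an exact signed match is valid, any other
    announcement inside a signed prefix is invalid, the rest incomplete."""
    covering = [(p, a) for p, a in SIGNED if prefix.subnet_of(p)]
    if not covering:
        return "incomplete"
    return "valid" if (prefix, origin) in covering else "invalid"

def build_rib(announcements, drop_unsigned_more_specific=False):
    """Apply route-map foo; optionally apply the option proposed in the mail."""
    rib = {}
    for text, origin in announcements:
        prefix = ipaddress.ip_network(text)
        st = state(prefix, origin)
        if drop_unsigned_more_specific and st != "valid" and any(
                prefix != p and prefix.subnet_of(p) for p, _ in SIGNED):
            continue  # unsigned more specific inside a signed prefix: not accepted
        pref = LOCAL_PREF[st]
        # local-preference only competes between routes for the SAME prefix
        if prefix not in rib or pref > rib[prefix][1]:
            rib[prefix] = (origin, pref)
    return rib

def forward(rib, dest):
    """Longest-prefix match: return the origin AS that attracts the traffic."""
    addr = ipaddress.ip_address(dest)
    matches = [p for p in rib if addr in p]
    if not matches:
        return None
    return rib[max(matches, key=lambda p: p.prefixlen)][0]

ANNOUNCEMENTS = [("10.10.0.0/22", 64500),  # legitimate origin, signed
                 ("10.10.1.0/24", 64501)]  # "Bad ISP", unsigned more specific

if __name__ == "__main__":
    for option in (False, True):
        rib = build_rib(ANNOUNCEMENTS, drop_unsigned_more_specific=option)
        print(option, {str(p): v for p, v in rib.items()}, forward(rib, "10.10.1.5"))
```

With the route-map alone the /24 is installed with local-pref 50 and still wins forwarding for its addresses, because the /22 and the /24 never compete on local-preference; with the option enabled only the /22 remains.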


