Route leak in Bangladesh

[job at instituut.net (Job Snijders)]

On Tue, Jun 30, 2015 at 10:53:45AM -0400, Sandra Murphy wrote:
> That sort of AS_PATH filtering would not have helped in this case.
> The AS originated the routes, it did not propagate an upstream route.
> 
> So an AS_PATH filter to just its own AS would have passed these
> routes.
> 
> You would need origin validation on your outbound routes.  Job
> suggested prefix filters on outbound routes.  (If you are doing prefix
> filters on your inbound customer links, it might be excessive caution
> to also prefix filter customers prefixes on outbound links?  Or is it:
> you can never be too careful, belt-and-suspenders, measure twice,
> etc?)

I wouldn't consider it to be excessive caution to bring more safeguards
to the game, you never know when diarrhea will strike.

If you were the network causing a leak of this type, prefix filters on
inbound facing your customers might not have prevented this.

If you are a network providing transit to the leak originator mentioned
in the above paragraph, I believe a prefix based filter could have made
a big difference.

Kind regards,

Job