Re: [GROW] Secdir last call review of draft-ietf-grow-bgp-session-culling-04

On Mon, Sep 25, 2017 at 04:29:24PM +0000, Will Hargrave wrote:
> On 25 Sep 2017, at 16:45, Paul Wouters wrote:
> > This document basically states that people doing network maintenance
> > so often make mistakes that leak into the global BGP table, that it
> > would be a good idea to just firewall all the BGP traffic going out
> > of your network edge as a preventive measure. It's a sad state of
> > software/firmware that an external firewalling process is deemed
> > necessary to properly (re)configure BGP.
> 
> Hi Paul,
> 
> I am afraid you have got the wrong end of the stick here. This
> technique is intended for IXP and other L2 operators, not those who
> operate BGP speakers / IP networks.

Small nitpick: section 3.1 applies to those who operate BGP speakers /
IP networks. But yes, it appears that the review is based on a
misunderstanding about the layering of the ISO model and how the IP
filters trigger rerouting as (desired) second order effect.

> It is a workaround to unwanted blackholing of traffic as a result of
> the dataplane being broken whilst waiting for BGP holdtimers to expire
> - nothing to do with actual BGP route policy.
> 
> I gave a presentation earlier this year at the UK Network Operators
> Forum which attempts to explain this
> https://indico.uknof.org.uk/event/39/contribution/8

I'd also like to note that the techniques described in the culling
document have nothing to do with 'leaking' of any sort, nor is the BCP
attempting or purposed to describe firewalling best practices from a
general perspective.

Kind regards,

Job



