Lightning Talk: Fighting BGP Route Leaks with PeeringDBs new never via route servers flag
Route servers are a convenience service that exists to lower the barrier to participate at an IXP. In the past, these route servers also distributed leaked routes …
|Talk Title||Lightning Talk: Fighting BGP Route Leaks with PeeringDBs new never via route servers flag|
|Speakers||Theo Voss (ANEXIA Internetdienstleistungs GmbH)|
|Location||San Francisco, CA|
|Date||Feb 10 2020 - Feb 12 2020|
Route servers are a convenience service that exists to lower the barrier to participate at an IXP. In the past, these route servers also distributed leaked routes from peers not participating and aggravated severe outages of the internet. Furthermore, the quality of BGP filters varies along IXPs. A few large operators implemented countermeasures like Peerlock but most other operators don’t. With version 2.18.0, PeeringDB introduced a feature called “Never via route servers” for networks to indicate whether their routes should be reachable via route servers or not. This makes it possible to generate filters for all route server peerings and drop announcements containing AS numbers with “Never via route servers” flag in the AS path. Next to bogon filters, RPKI and IRR filters, this is another milestone in terms of automated routing security based on a central, authorized and well-maintained database. This talks explains how this can be easily used to generate filters by showing example API calls and router configuration.
Theo Voss: None