Great Circle Associates Firewalls
(July 1997)
 


Subject: Re: How secure is BGP? was Re: Two ISP's to one DMZ -
From: "R. Todd Truitt" <ttruitt @ cisco . com>
Date: Mon, 14 Jul 1997 10:13:46 -0600
To: jprovo @ ma . ultranet . com, mhorn @ funb . com
Cc: firewalls @ GreatCircle . COM

>That said:
>>mikech @ avana . net says:
>>>All of this discussion of the mechanics of BGP made me think. What if I
>>>decided to grab Cisco's block of addresses and announce them as being routed
>>>through my ISP with BGP? As long as my ISP's are peering with me, will they
>>>accept *any* route update? If I announced the Cisco update to my ISP (let's
>>>say MCI), would all of the MCI clients trying to access www.cisco.com come to
>>>my web server instead? What would happen with other ISP's? Would they
>>>accept this exception route?
>Only if they are stupid.  Peer relationships between the clue-challenged
>are more likely to propagate bad routes than providers; all major
>providers have aggressive filtering on either as-path & origins,
>ip-addrs being announced, or routing objects (ip-addrs/length + origin
>as).  The smarter providers reconfigure these filters in an automated
>fashion, from databases.
>

Along with aggressive route filtering, route authentication will
become vital in the next few years.

--T
_________________________________________________________________________
R. Todd Truitt                                       ttruitt @ cisco . com
Systems Engineer                     Security, Availability and Management
Cisco Systems, Inc.                                           303.220.6164
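
The filtering on routing objects (prefix/length + origin AS) that the quoted reply describes, as an added example that is not part of the original message: Python that compiles a registry of route objects into a per-peer filter and checks incoming announcements against it. The registry layout, peer name, function names and the maximum-length field are assumptions; the prefixes and AS numbers are constructed from documentation and private-use ranges.

```python
import ipaddress
from typing import NamedTuple

class RouteObject(NamedTuple):
    prefix: str      # registered address block
    origin_as: int   # AS permitted to originate it
    max_len: int     # longest more-specific accepted (assumed field)

# Constructed registry: what each customer peer is allowed to announce.
REGISTRY = {
    "peer-64500": [
        RouteObject("192.0.2.0/24", 64500, 24),
        RouteObject("2001:db8::/32", 64500, 48),
    ],
}

def build_filter(registry):
    """Compile registry records into per-peer filter entries.
    Re-running this on every registry change is the automated step."""
    return {
        peer: [(ipaddress.ip_network(o.prefix), o.origin_as, o.max_len) for o in objs]
        for peer, objs in registry.items()
    }

def check_announcement(table, peer, prefix, as_path):
    """Return (accepted, reason) for one announcement received from `peer`."""
    if not as_path:
        return False, "empty AS path"
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # rightmost AS in the path originated the route
    reason = "prefix not registered for this peer"
    for registered, allowed_as, max_len in table.get(peer, []):
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
        if net.version != registered.version or not net.subnet_of(registered):
            continue
        if origin != allowed_as:
            reason = "origin AS does not match route object"
        elif net.prefixlen > max_len:
            reason = "longer than registered maximum length"
        else:
            return True, "matches route object"
    return False, reason

TABLE = build_filter(REGISTRY)

if __name__ == "__main__":
    # A peer announcing a block registered to someone else is dropped at the edge.
    print(check_announcement(TABLE, "peer-64500", "198.51.100.0/24", [64500]))
    print(check_announcement(TABLE, "peer-64500", "192.0.2.0/24", [64500]))
```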
