My advice to our consulting clients regarding a list of about 8–10 specific
ASNs (which are the same everywhere in the world) is always the same:
1- If you can set up a bilateral session with them via an MLPA at no cost,
do it...
1.1- And send the routes to them with the `no-export` community.
1.2- Lower the local preference for everything coming from that peer.
2- For Route Servers:
2.1- When advertising your routes, tag them with the
"selective-do-not-announce-to" community for those ASNs.
2.2- Reject anything the Route Server tags with the "learned-from-asn"
community corresponding to those ASNs.

I know it’s massive overkill!
I know it’s even a bit rude...
But unfortunately, after losing so much sleep, this is how I finally
stopped worrying about that type of network operator—the kind that thinks
it’s great to declare themselves everyone's upstream provider.

If everyone (or at least a good number of people) does this... their
business model collapses.

Em qui., 25 de jun. de 2026 às 10:55, Maria Matejka <[email protected]>
escreveu:

> On Thu, Jun 25, 2026 at 09:41:35AM -0300, Douglas Fischer wrote:
>
> Em qui., 25 de jun. de 2026 às 09:01, Maria Matejka via Bird-users <
> [email protected]> escreveu:
>
> Note: The connectivity was hotfixed by temporarily adding HE as CZ.NIC
> provider in ASPA, and later returned to normal (checked right now).
>
> It makes me very sad to hear that the solution to this involved informing
> in ASPA HE as a provider
>
> Well, that was a connectivity hotfix, not a permanent solution.
>
> My greatest hope regarding ASPA is (or was) that any of the ASNs
> exhibiting this behavior—taking peering routes and advertising them to
> downstream customers as if they were part of their own customer cone—would
> be publicly vilified.
>
> The real question is, how to stop big leakers from forcing everybody to
> approve them as their provider. And while we can point our fingers here and
> there, the operational reality is to keep the connectivity running.
>
> I expect that quite a lot of these problems will disappear when IXPs
> deploy ASPA upstream validation and simply drop all leaks.
>
> Until then, with the downstream validation, we play chicken.
>
> –
> Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
>


-- 
Douglas Fernando Fischer
Engº de Controle e Automação

Reply via email to