Job,

Thanks so much for the helpful information, especially the RFC. This is exactly what I was looking for. Have a fantastic week!

Warm Regards,
Raymond Beaudoin

On Sun, Sep 24, 2017 at 3:05 PM, Job Snijders <[email protected]> wrote:

> Dear Raymond,
>
> On Sun, 24 Sep 2017 at 21:33, Raymond Beaudoin <[email protected]> wrote:
>
>> How is this monitored and tracked? Are ACLs applied to help enforce this
>> (seems to be limited at scale)? Flow export and alarming? Analytics and
>> anomalous behavior detection? Common professional courtesy?
>
> This RFC https://tools.ietf.org/html/rfc7789 covers the topic of
> “unexpected traffic flows” which is essentially the same as having default
> being pointed at you without your permission. May be worth reading!
>
> A most scalable option is to use a flow collection / monitoring program
> like pmacct (http://pmacct.net/) to inspect flows and flag the ones that
> shouldn’t exist according to your policy. Paolo Lucente has done excellent
> work to make this problem space manageable:
> http://wiki.pmacct.net/DetectingRoutingViolations
>
> Also, if you are at an internet exchange, make sure to enable MAC
> accounting (if available) on the IX facing interface, so you can easily
> monitor for traffic coming from MAC addresses with which you don’t have a
> BGP session.
>
> Kind regards,
>
> Job
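The policy check described in the quoted reply, as an added example that is not part of the original thread and is not pmacct's code or output format: it flags inbound flows on an IX-facing port that come from a MAC with no BGP session, or from a peer toward a destination that was never announced to peers. The record fields, MAC addresses and prefixes are constructed for illustration.

```python
import ipaddress

# Constructed policy data (assumption): MACs of IX members we have BGP sessions with.
BGP_PEER_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
# Constructed (assumption): prefixes we announce to IX peers (own and customer space).
ANNOUNCED = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed flow records, as seen inbound on the IX-facing interface.
FLOWS = [
    {"src_mac": "02:00:00:00:00:01", "dst_ip": "192.0.2.10", "bytes": 1200},
    {"src_mac": "02:00:00:00:00:02", "dst_ip": "203.0.113.7", "bytes": 90000},
    {"src_mac": "02:00:00:00:00:99", "dst_ip": "198.51.100.5", "bytes": 400},
    {"src_mac": "02:00:00:00:00:99", "dst_ip": "203.0.113.9", "bytes": 700},
    {"src_mac": "02:00:00:00:00:02", "dst_ip": "203.0.113.8", "bytes": 10000},
]


def classify(flow):
    """Return None for an expected flow, otherwise the violation type."""
    # Traffic from a MAC we have no BGP session with should not exist at all.
    if flow["src_mac"].lower() not in BGP_PEER_MACS:
        return "no_bgp_session"
    # A peer should only send traffic for destinations we announced to it;
    # anything else suggests a static or default route pointed at us.
    dst = ipaddress.ip_address(flow["dst_ip"])
    if not any(dst in net for net in ANNOUNCED):
        return "dst_not_announced"
    return None


def violations(flows):
    """Sum violating bytes per (src_mac, violation), largest first."""
    totals = {}
    for flow in flows:
        kind = classify(flow)
        if kind is not None:
            key = (flow["src_mac"].lower(), kind)
            totals[key] = totals.get(key, 0) + flow["bytes"]
    return sorted(totals.items(), key=lambda item: -item[1])


if __name__ == "__main__":
    for (mac, kind), nbytes in violations(FLOWS):
        print(f"{mac} {kind} {nbytes} bytes")
```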

