On 2018/09/22 09:21, Tom Smyth wrote:
> I like the NFsen idea, however I think for a simple eyeball ISP we could
> be able to achieve it by adding a default + exceptions summarisation
> to openBGPd ( I would rather not create more dependencies on our BGP
> )
> I want to install the minimum number of routes for transit
> so that I am confident the packet will reach the intended destination
> and then leave the rest of the switch CAM for Prefixes learned on
> a local internet exchange.

Interesting idea but I think the method you're suggesting puts you at higher risk of things *not* reaching their destination - if you have good and not-so-good transits, the diffs are likely to be things you don't want anyway and could interfere with correct routing.

Some providers have a bit of a problem with "stuck" routes (if there's a stuck more-specific route at one provider, that will be a difference, and you'll send traffic there on a road to nowhere instead of to a valid less-specific). Another issue is that a good provider may have filtered a dubious announcement (hijack attempt), a less fastidious one might not. If I wanted to identify *whether* a transit provider is sending such routes, analysing a diff of the announcements between them and another provider is quite a good way to find them.

My suggestion if you're trying to use the hardware in this way: only use transit providers who can be trusted to generally provide good transit (which rules out a few ;) and just use defaults plus maybe allow some extra through filters to encourage certain traffic to go a certain way, or to balance load if your ports are hot.
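
The diff of announcements between two transit providers described in the message above, as an added example that is not part of the original thread. It assumes each provider's received prefixes have been exported one per line; the function names and the sample tables (documentation prefixes) are constructed for illustration.

```python
import ipaddress

# Constructed sample tables, one prefix per line ('#' starts a comment).
PROVIDER_A = """
192.0.2.0/24
198.51.100.0/24
198.51.100.128/25   # more-specific seen only from A
203.0.113.0/24      # not announced by B at all
2001:db8::/32
2001:db8:1::/48     # more-specific seen only from A
""".splitlines()

PROVIDER_B = """
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
""".splitlines()

def parse_prefixes(lines):
    """Return the set of networks listed, skipping blanks and comments."""
    cleaned = (line.split("#", 1)[0].strip() for line in lines)
    return {ipaddress.ip_network(c, strict=True) for c in cleaned if c}

def covering(prefix, table):
    """Longest less-specific in `table` that contains `prefix`, or None."""
    covers = [c for c in table
              if c.version == prefix.version
              and c.prefixlen < prefix.prefixlen
              and prefix.subnet_of(c)]
    return max(covers, key=lambda c: c.prefixlen, default=None)

def diff_announcements(a_lines, b_lines):
    """Classify prefixes announced by provider A but not by provider B."""
    a, b = parse_prefixes(a_lines), parse_prefixes(b_lines)
    report = {"more_specific_only_at_a": [], "absent_at_b": []}
    order = lambda n: (n.version, n.network_address, n.prefixlen)
    for p in sorted(a - b, key=order):
        cover = covering(p, b)
        if cover is not None:
            # B reaches this space via a less-specific: review for a stuck
            # route at A or an announcement that B filtered.
            report["more_specific_only_at_a"].append((p, cover))
        else:
            report["absent_at_b"].append(p)
    return report

if __name__ == "__main__":
    rep = diff_announcements(PROVIDER_A, PROVIDER_B)
    for p, cover in rep["more_specific_only_at_a"]:
        print(f"{p} only from A; B covers it with {cover}")
    for p in rep["absent_at_b"]:
        print(f"{p} only from A; B has no covering route")
```

Run it in both directions (A against B, then B against A), since either provider may be the one carrying the extra route.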
