[135189] in North American Network Operators' Group

RE: Request Spamhaus contact

daemon@ATHENA.MIT.EDU (Nathan Eisenberg)
Tue Jan 18 04:26:02 2011

From: Nathan Eisenberg <nathan@atlasnetworks.us>
To: NANOG list <nanog@nanog.org>
Date: Tue, 18 Jan 2011 09:25:42 +0000
In-Reply-To: <AANLkTim4yOTCGhcQbM+8zE67zs3dUGOk2B-ji1KQYVJ=@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

> It was blocked and I did verify it. A very small amount of our traffic
> comes in on PCCW and *they* were not honoring a tag that they've
> contractually agreed to honor. I can understand why it may be fun to
> make this look like a product of my own incompetence, and perhaps it
> is something I would have noticed if I wasn't busy responding to
> flames.

It may be a good policy going forward to do your own null-routes.  I
realize that for a DDOS protection company, the ability to tag nullroutes
upstream is handy, but you also need to nullroute the traffic on your own
gear, or shut down the switch port.  Something that is completely
independent of another organization, regardless of their contractual
obligations to you.

If you were my employee, I would find the fact that you fat-fingered a
nullroute to be highly concerning.  I would recommend that in addition to
changing the way you do nullroutes, you also implement a change control
policy which screens commands for approval before making configuration
changes upon which your public declarations, and your reputation as a
decent operator, rely.

Nathan Eisenberg
