[162712] in North American Network Operators' Group

Re: Tier1 blackholing policy?

daemon@ATHENA.MIT.EDU (William Herrin)
Tue Apr 30 17:05:43 2013

In-Reply-To: <517FD5DD.9020305@dfn.de>
From: William Herrin <bill@herrin.us>
Date: Tue, 30 Apr 2013 17:05:13 -0400
To: Thomas Schmid <schmid@dfn.de>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, Apr 30, 2013 at 10:31 AM, Thomas Schmid <schmid@dfn.de> wrote:
> We received recently customer complaints stating they can't reach certain
> websites.
> Investigation showed that the sites were not reachable via Tier1-T, but fine
> via Tier1-L. I contacted Tier1-T and the answer was something like "yeah,
> this is a known phishing site and to protect our customers we blackhole
> that IP" (btw - it was 2 ASes away from Tier1-T).

Hi Thomas,

On the one hand, companies providing Internet transit are not
generally compelled by law to pass packets for any other given company
on the Internet.

On the other hand, announcing via BGP that you will carry particular
packets and then intentionally dropping them on the floor could easily
be construed as tortious interference.

The middle ground... propagating a BGP announcement but blocking a
small piece within it... I think I'd want to cover my backside by
setting a BGP community on that route which advised my peers that a
portion of it is dead-routed within my network so that they may
discard or deprioritize it if they choose.

Regards,
Bill Herrin

-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
