[38252] in North American Network Operators' Group
Re: engineering --> ddos and flooding
daemon@ATHENA.MIT.EDU (Geoff Zinderdine)
Fri Jun 1 15:39:13 2001
Message-ID: <005301c0ead2$85e1e6a0$0c64a8c0@aegis>
Reply-To: "Geoff Zinderdine" <geoff.zinderdine@mts.mb.ca>
From: "Geoff Zinderdine" <geoffz@mts.net>
To: "Mark Mentovai" <mark-list@mentovai.com>
Cc: <nanog@merit.edu>
Date: Fri, 1 Jun 2001 14:39:06 -0500
Agreed. Still you could just throw up a box at the end of that low speed
line and have your main peering session set it as NEXT_HOP for the host
route without needing it to be running a BGP session itself, no?
----- Original Message -----
From: "Mark Mentovai" <mark-list@mentovai.com>
To: "Geoff Zinderdine" <geoff.zinderdine@mts.mb.ca>
Cc: <lucifer@lightbearer.com>; <nanog@merit.edu>
Sent: Friday, June 01, 2001 2:07 PM
Subject: Re: engineering --> ddos and flooding
> Geoff Zinderdine wrote:
> >Why not just advertise the host route with an unreachable next hop from your
> >main peering session?
>
> Maybe your upstream sets the NEXT_HOP to your side of the point-to-point for
> you, just in case you neglected to do so.
>
> Even if they don't, who's to say what's unreachable? If the NEXT_HOP is
> truly unreachable, in that there is no route to it, the BGP path won't be
> marked as valid and won't make it to the IP routing table (Loc-RIB.)
>
> I've long felt that IP should have come with a provision for an address that
> is never routed. It would be great if we could get something like 127.0.0.2
> for this very task.
>
> Mark
>
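
The NEXT_HOP behaviour discussed in this thread, as an added example that is not part of the original messages: a small model of how a receiving router decides whether a host route advertised to sink attack traffic is installed. All addresses are constructed documentation prefixes, the function names are hypothetical, and next-hop resolution is assumed to be a plain longest-prefix match against non-BGP routes.

```python
import ipaddress

# Constructed non-BGP routes on the receiving router (documentation prefixes).
IGP_TABLE = {
    "192.0.2.0/30": "forward:customer-link",   # the point-to-point to the customer
    "198.51.100.1/32": "discard",              # static route to a discard interface
}

def resolve(next_hop, table):
    """Longest-prefix match of a BGP NEXT_HOP against the non-BGP routes.
    Returns the action of the best covering route, or None if there is none."""
    nh = ipaddress.ip_address(next_hop)
    best = None
    for prefix, action in table.items():
        net = ipaddress.ip_network(prefix)
        if nh in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    return None if best is None else best[1]

def process_path(prefix, next_hop, table, rewrite_next_hop=None):
    """Model one received BGP path for `prefix`.
    rewrite_next_hop models an upstream policy that overwrites NEXT_HOP.
    Returns (installed, effective_next_hop, action)."""
    if rewrite_next_hop is not None:
        next_hop = rewrite_next_hop
    action = resolve(next_hop, table)
    if action is None:
        return (False, next_hop, None)   # path is not valid, never reaches the RIB
    return (True, next_hop, action)

VICTIM = "203.0.113.10/32"  # constructed host route for the attacked address

def demo():
    return {
        "no_route_to_next_hop": process_path(VICTIM, "198.51.100.99", IGP_TABLE),
        "next_hop_is_discard": process_path(VICTIM, "198.51.100.1", IGP_TABLE),
        "upstream_rewrites": process_path(VICTIM, "198.51.100.99", IGP_TABLE,
                                          rewrite_next_hop="192.0.2.2"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} {result}")
```

Only the second case drops the traffic upstream: a next hop with no route leaves the host route uninstalled, and a rewritten next hop sends the flood down the customer link anyway.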