[50682] in North American Network Operators' Group
Re: Deaggregating for emergency purposes
daemon@ATHENA.MIT.EDU (Chris Woodfield)
Wed Aug 7 10:28:44 2002
Date: Wed, 7 Aug 2002 10:24:31 -0400
From: Chris Woodfield <rekoil@semihuman.com>
To: Phil Rosenthal <pr@isprime.com>
Cc: 'Omachonu Ogali' <nanog@missnglnk.com>, nanog@merit.edu
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA/zNkI7d3EEmn3+v5DgN/l8KAAAAQAAAAQ0pFih5ztk+XJh+PzcrjwgEAAAAA@isprime.com>
Errors-To: owner-nanog-outgoing@merit.edu
--PEIAKu/WMn1b1Hv9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Truth be told, if someone was advertising your space illegitimately, any ne=
tworks that=20
use the IRR's to filter would not be accepting the rogue announcement in th=
e first place,=20
at least in theory. Thus, the emergency registration of more-specific route=
object should=20
not be necessary, right?
-C
On Tue, Aug 06, 2002 at 01:29:58PM -0400, Phil Rosenthal wrote:
>=20
> Most ISPs that build off of the IRR's do it nightly. I am talking about
> 10 /24's out of /19, and I'm not announcing any of the /24's -- and wont
> unless there is an emergency, and only then would it be temporary.
>=20
> --Phil
>=20
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> Omachonu Ogali
> Sent: Tuesday, August 06, 2002 4:00 AM
> To: nanog@merit.edu
> Subject: Re: Deaggregating for emergency purposes
>=20
>=20
>=20
> What about announcing and registering with your IRR, more-specific
> routes for the period that the problem ONLY exists, instead of being
> lazy?
>=20
> If all else fails, break out Outlook and your favorite translator,
> because last time I checked, speaking English was not a requirement to
> run a network. Even if most of you do, this is not a "Majority Rules"
> situation.
>=20
> On Mon, Aug 05, 2002 at 10:47:33PM -0700, john@chagresventures.com
> wrote:
> >=20
> > get on the bandwaggon that filtering is a good thing ?? :)
> >=20
> > at some point some transit is going to listen and drop the=20
> > announcement.
> >=20
> > Lets take an example. Deep Dark middle of asia, someone starts=20
> > announcing a /24 of yours. Their upstream takes the packet, and so=20
> > forth. At some point they will touch a NSP or ISP (international=20
> > service provider) and you can get things dropped their.
>=20
> Yes. End of story. Go directly to the finish diamond at the end of your
> flowchart. If the next step in your flowchart is "pollute IRRs with
> 3592375238957235893275839572 /32s", please return your maintainer
> object.
> =20
> > Your pushing out a /24 will help slurp some of the traffic towards=20
> > you, but not all.
> >=20
> > Personally I have deagged some prefixes to cause a DOS/DDOS towards a
> > particular address to route down a slow connection I had. Sacrifice
> > one link, to keep customers running on the others. But thats
> different.
>=20
> Yes, but you removed it later on, correct?
> =20
> > Its about networking, the people kind, at this point.
> >=20
> > cheers
> >=20
> > john brown
> > chagres technologies, inc
> >=20
> > On Mon, Aug 05, 2002 at 09:00:55PM -0400, Phil Rosenthal wrote:
> > >=20
> > > But the question is, what do you do if it's coming from somewhere=20
> > > with a difficult to contact NOC, and their upstream is difficult to=
=20
> > > contact as well?
> > >=20
> > > --Phil
> > >=20
> > > -----Original Message-----
> > > From: John M. Brown [mailto:jmbrown@ihighway.net]
> > > Sent: Monday, August 05, 2002 8:12 PM
> > > To: Phil Rosenthal
> > > Cc: nanog@merit.edu
> > > Subject: Re: Deaggregating for emergency purposes
> > >=20
> > >=20
> > > Hmm, this would be a "Bad Idea" (TM) (C) 2002, DMCA Protected
> > >=20
> > > Having had this happen to me several different times, I'd have to
> > > recommend, calling the NOC of the advertising party. as the pref'd
> way
> > > of handling it.
> > >=20
> > > On Mon, Aug 05, 2002 at 06:41:22PM -0400, Phil Rosenthal wrote:
> > > >=20
> > > > I am currently announcing only my aggregate routes, but I have=20
> > > > lately
> > > > thought about the possibility of someone mistakenly, or
> maliciously,=20
> > > > announcing more specifics from my space. The best solution for an=
=20
> > > > emergency response to that (that I can think of), is registering
> all=20
> > > > of the /24's that make up my network, so if someone should
> announce a=20
> > > > more-specific, I can always announce the most specific that would
> be=20
> > > > accepted (assuming they don't announce the /24's too, it should be
> a=20
> > > > problem avoided)
> > > >=20
> > > > Does anyone else have any other ideas on ways to quickly deal with
> > > > someone else announcing your more specifics, since contacting
> their=20
> > > > NOC is likely going to take a long time...
> > > >=20
> > > > --Phil
> > > >=20
> > >=20
>=20
> --=20
> Omachonu Ogali
> missnglnk@informationwave.net
> http://www.informationwave.net
>=20
--PEIAKu/WMn1b1Hv9
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9US2fqP/YiunDNcERAn2nAKDp9QxQ0LrGgQpjGOOlbVBD/EXmIQCgoMc3
Xgg7nz/10NZhzF/lPGSHqxY=
=eVvc
-----END PGP SIGNATURE-----
--PEIAKu/WMn1b1Hv9--
