[74515] in North American Network Operators' Group
Re: Blackhole Routes
daemon@ATHENA.MIT.EDU (Erik Haagsman)
Thu Sep 30 10:35:05 2004
From: Erik Haagsman <erik@we-dare.net>
Reply-To: erik@we-dare.net
To: "Robert A. Hayden" <rhayden@geek.net>
Cc: Abhishek Verma <abhishekv.verma@gmail.com>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0409300842080.11786-100000@shell.geek.net>
Date: Thu, 30 Sep 2004 16:40:54 +0200
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 2004-09-30 at 15:45, Robert A. Hayden wrote:
> There are mechanisms to do it using eBGP and communities as well which I'm
> sure most on this list are more familiar with.
>
> Think of blackholing as a way to surgically remove a specific IP from your
> network, without having to deal with pushing ACLs into multiple entry
> points. At least that's what it accomplishes for us.
And perhaps more importantly, when using eBGP blackholing communities,
without DDoS traffic hitting your ingress bandwidth from your upstreams.
ACL's can only filter traffic that's already at your edge, whereas
blackholing allows your upstream to filter it for you throughout his
network, reducing the risk of congested links.
Cheers,
--
---
Erik Haagsman
Network Architect
We Dare BV
tel: +31(0)10 7507008
fax:+31(0)10 7507005
http://www.we-dare.nl
