[74525] in North American Network Operators' Group

Re: Blackhole Routes

daemon@ATHENA.MIT.EDU (Pete Templin)
Thu Sep 30 15:43:04 2004

Date: Thu, 30 Sep 2004 14:42:15 -0500
From: Pete Templin <petelists@templin.org>
To: Deepak Jain <deepak@ai.net>, nanog@merit.edu
In-Reply-To: <415C4D55.6030203@ai.net>
Errors-To: owner-nanog-outgoing@merit.edu


Deepak Jain wrote:

> If providers start tying their customer's blackhole announcements to the 
> provider's upstreams' blackhole announcements in an AUTOMATIC process, 
> bad things <tm> are likely to happen. What happens when a customer of a 
> provider mistakenly advertises more routes than he should [let's say 
> specifics in case #1] you can flood your upstreams' routers with 
> specifics and potentially cause flapping or memory overflows...
> 
> In case #2, presumably the blackhole community takes precedence, so if a 
> customer is mistakenly readvertising their multihome provider's table 
> with a 666 tag, all of the upstream providers might be blackholing the 
> majority of their non-customer routes.

I build two prefix lists for each customer.  One represents the exact 
match routes that I'm willing to propagate, and the other covers "le 32" 
more specifics of what I'm willing to allow special treatment on.  They 
can't blackhole anything outside what they would otherwise be allowed to 
announce (and I use it for several other special cases as well). 
Customers who are single-homed and otherwise static routed are welcome 
to use BGP for these special cases; their prefix lists reflect the fact 
that their space is not to be propagated.

pt
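
The two-list filter described in the reply above, modelled in Python as an added example (not code from the original post or from any router configuration). The prefixes are documentation ranges, and the community value `65000:666`, the policy layout and the function names are assumptions made for illustration.

```python
import ipaddress

BLACKHOLE = "65000:666"  # hypothetical blackhole community


def make_policy(exact, covering):
    """exact: prefixes propagated on exact match; covering: 'le 32' parents."""
    return {"exact": [ipaddress.ip_network(p) for p in exact],
            "le32": [ipaddress.ip_network(p) for p in covering]}


def classify(policy, prefix, communities=()):
    """Return 'propagate', 'blackhole' or 'reject' for one customer announcement."""
    net = ipaddress.ip_network(prefix)
    if BLACKHOLE in communities:
        # Special treatment only for the customer's own space or a more
        # specific of it (prefix length up to /32), never for foreign routes.
        if any(net.subnet_of(parent) for parent in policy["le32"]):
            return "blackhole"
        return "reject"
    # Untagged routes must match exactly, so leaked specifics are dropped.
    return "propagate" if net in policy["exact"] else "reject"


def demo():
    """Run constructed announcements through two constructed customer policies."""
    multihomed = make_policy(["192.0.2.0/24"], ["192.0.2.0/24"])
    # Single-homed, static-routed customer: nothing propagated, blackhole allowed.
    static_only = make_policy([], ["198.51.100.0/24"])
    return {
        "aggregate": classify(multihomed, "192.0.2.0/24"),
        "leaked_specific": classify(multihomed, "192.0.2.128/25"),
        "host_blackhole": classify(multihomed, "192.0.2.55/32", [BLACKHOLE]),
        "foreign_tagged": classify(multihomed, "203.0.113.0/24", [BLACKHOLE]),
        "static_untagged": classify(static_only, "198.51.100.0/24"),
        "static_blackhole": classify(static_only, "198.51.100.7/32", [BLACKHOLE]),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
```

The `leaked_specific` and `foreign_tagged` cases correspond to case #1 and case #2 in the quoted message.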
