[74529] in North American Network Operators' Group

Re: Blackhole Routes

daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Thu Sep 30 16:30:53 2004

Date: Thu, 30 Sep 2004 20:18:54 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <20040930184801.GC1043@eagle.aitken.com>
To: Jeff Aitken <jaitken@aitken.com>
Cc: Deepak Jain <deepak@ai.net>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, 30 Sep 2004, Jeff Aitken wrote:

>
> On Thu, Sep 30, 2004 at 02:15:49PM -0400, Deepak Jain wrote:
> > provider mistakenly advertises more routes than he should [let's say
> > specifics in case #1] you can flood your upstreams' routers with
> > specifics and potentially cause flapping or memory overflows...
> >
> > In case #2, presumably the blackhole community takes precedence, so if a
> > customer is mistakenly readvertising their multihome provider's table
> > with a 666 tag, all of the upstream providers might be blackholing the
> > majority of their non-customer routes.
>
> If a customer has a prefix filter, he cannot announce bogus routes.
>

true, but not universal, sadly.

> If every BGP session in your network is protected by a max-prefix
> limit, no matter who leaks, the damage will be limited and contained.
>

true, also not universal, sadly. Many networks out there do NOT use any of
these protections...
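
An added example, not part of the original message: a small Python model of the two protections discussed in the thread (a per-customer prefix filter and a max-prefix limit), applied to the "case #2" leak of routes tagged for blackholing. The community value 65000:666, the sample prefixes, the function names and the choice to count received routes before filtering are all assumptions made for illustration.

```python
import ipaddress

BLACKHOLE = "65000:666"  # assumed community value; the thread only says "a 666 tag"

def inbound_policy(announcements, allowed=None, max_prefix=None):
    """Model one customer BGP session's inbound policy.

    announcements: list of (prefix, communities) in arrival order.
    allowed:       customer's registered prefixes (None = no prefix filter).
    max_prefix:    received-route limit (None = no limit); modelled here as
                   counting routes before filtering, which is an assumption.
    Returns (session_state, accepted_prefixes, blackholed_prefixes).
    """
    nets = None if allowed is None else [ipaddress.ip_network(a) for a in allowed]
    accepted, blackholed = [], []
    for count, (prefix, communities) in enumerate(announcements, start=1):
        if max_prefix is not None and count > max_prefix:
            # Limit exceeded: session drops and everything learned is withdrawn.
            return "torn-down", [], []
        net = ipaddress.ip_network(prefix)
        if nets is not None and not any(net.subnet_of(a) for a in nets):
            continue  # outside the customer's registered space: rejected
        accepted.append(prefix)
        if BLACKHOLE in communities:
            blackholed.append(prefix)
    return "established", accepted, blackholed

# Constructed sample: a customer owning 192.0.2.0/24 leaks 200 routes from its
# other provider's table, every one carrying the blackhole community.
CUSTOMER = ["192.0.2.0/24"]
LEAK = [("192.0.2.0/24", {BLACKHOLE})] + [
    (f"10.{i}.0.0/16", {BLACKHOLE}) for i in range(200)
]

def summarize():
    """Run the same leak through each combination of protections."""
    cases = {
        "no protection": inbound_policy(LEAK),
        "prefix filter": inbound_policy(LEAK, allowed=CUSTOMER),
        "max-prefix 50": inbound_policy(LEAK, max_prefix=50),
        "both": inbound_policy(LEAK, allowed=CUSTOMER, max_prefix=50),
    }
    return {name: (state, len(bh)) for name, (state, _, bh) in cases.items()}

if __name__ == "__main__":
    for name, (state, n) in summarize().items():
        print(f"{name:14} session={state:12} blackholed={n}")
```

With neither protection every leaked route is blackholed; the prefix filter confines the damage to the customer's own space, and the max-prefix limit contains it by dropping the session.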