[87971] in North American Network Operators' Group
Re: BGP route flap damping
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Mon Jan 16 08:20:01 2006
In-Reply-To: <43CB9168.1010801@acmesecurity.org>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Mon, 16 Jan 2006 08:19:20 -0500
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Jan 16, 2006, at 7:28 AM, Gustavo Rodrigues Ramos wrote:
> Last week we received a DoS attack which got down my BGP
> connections to
> my upstream providers (for three or four times I believe). I also
> belive
> that event caused some routers to suppress my BGP announcement.
>
> I would appreciate suggestions on "how to proceed?" with this
> situation.
Remind everyone that flap dampening is no longer a good idea, and is
in fact considered harmful. (Queue discussion at last RIPE.)
The problem is probably not flapping 3 times, but the amplification
some people saw. (One of the reasons it was decided not to promote
flap dampening at RIPE.)
Not much you can do about this in general. In your specific case,
since we don't know why your sessions died, we don't know what to
suggest to stop it. Perhaps change the timers with your upstream?
--
TTFN,
patrick
