[88022] in North American Network Operators' Group
Re: BGP route flap damping
daemon@ATHENA.MIT.EDU (Kim Onnel)
Wed Jan 18 04:58:47 2006
Date: Wed, 18 Jan 2006 11:58:19 +0200
From: Kim Onnel <karim.adel@gmail.com>
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: nanog@merit.edu
In-Reply-To: <F70E46AC-F623-4787-ABEE-D5E4BA66B11C@ianai.net>
Errors-To: owner-nanog@merit.edu
------=_Part_5646_18143732.1137578299242
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Do this, configure and use blackhole routing with your upstream, this is ho=
w
you stop an attack
How to detect it, use netflow.
On 1/16/06, Patrick W. Gilmore <patrick@ianai.net> wrote:
>
>
> On Jan 16, 2006, at 8:48 AM, Gustavo Rodrigues Ramos wrote:
>
> > Patrick W. Gilmore wrote:
> >>
> >> Not much you can do about this in general. In your specific case,
> >> since we don't know why your sessions died, we don't know what to
> >> suggest to stop it. Perhaps change the timers with your upstream?
> >
> > My BGP connections (and annoucements) with/to my ISPs are all fine.
> >
> > The problem takes place five or six AS far from me... Where I can't do
> > much. I still can't reach some prefixes announced by large ISPs.
> >
> > At the first time, I thought an e-mail to the NOC of the network I
> > can't
> > reach can solve the problem, but it was a waste of time...
>
> I'm a little confused.
>
> Are you saying you dampened the prefixes of some other network? If
> so, it sounds like this is 100% in your control.
>
> If the BGP sessions between you and your upstreams / peers never
> flapped, no one should have dampened you. (I can see it possibly
> happening if someone else in the path between you and $OtherNetwork
> is attacked and therefore flaps your routes, but that would affect a
> lot of networks, not just you.)
>
> --
> TTFN,
> patrick
>
------=_Part_5646_18143732.1137578299242
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Do this, configure and use blackhole routing with your upstream, this is ho=
w you stop an attack<br>
<br>
How to detect it, use netflow.<br>
<br>
<br><br><div><span class=3D"gmail_quote">On 1/16/06, <b class=3D"gmail_send=
ername">Patrick W. Gilmore</b> <<a href=3D"mailto:patrick@ianai.net">pat=
rick@ianai.net</a>> wrote:</span><blockquote class=3D"gmail_quote" style=
=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; p=
adding-left: 1ex;">
<br>On Jan 16, 2006, at 8:48 AM, Gustavo Rodrigues Ramos wrote:<br><br>>=
Patrick W. Gilmore wrote:<br>>><br>>> Not much you can do abou=
t this in general. In your specific case,<br>>> since we d=
on't know why your sessions died, we don't know what to
<br>>> suggest to stop it. Perhaps change the timers with =
your upstream?<br>><br>> My BGP connections (and annoucements) with/t=
o my ISPs are all fine.<br>><br>> The problem takes place five or six=
AS far from me... Where I can't do
<br>> much. I still can't reach some prefixes announced by large ISPs.<b=
r>><br>> At the first time, I thought an e-mail to the NOC of the net=
work I<br>> can't<br>> reach can solve the problem, but it was a wast=
e of time...
<br><br>I'm a little confused.<br><br>Are you saying you dampened the prefi=
xes of some other network? If<br>so, it sounds like this is 100%=
in your control.<br><br>If the BGP sessions between you and your upstreams=
/ peers never
<br>flapped, no one should have dampened you. (I can see it poss=
ibly<br>happening if someone else in the path between you and $OtherNetwork=
<br>is attacked and therefore flaps your routes, but that would affect a<br=
>lot of networks, not just you.)
<br><br>--<br>TTFN,<br>patrick<br></blockquote></div><br>
------=_Part_5646_18143732.1137578299242--
