RTBH no_export

Alejandro Acosta alejandroacostaalamo at gmail.com
Fri Feb 1 01:45:46 UTC 2019


One more thing, RFC7999 has category Informational

On 31/1/19 at 16:21, Theodore Baschak wrote:
>
>> On Jan 31, 2019, at 1:28 PM, Roel Parijs <roel.parijs at gmail.com> wrote:
>>
>> For our BGP customers the problem is more complex. Our BGP customers
>> can send us the RTBH community, and we will drop the traffic at our
>> borders. Since we're only running a small network, we don't have the
>> capacity to deal with large attacks. If we would be able to forward
>> (and maybe alter it) this RTBH community towards our upstream
>> providers, the impact on our network would be limited. However, the
>> RFC states that an announcement tagged with the blackhole community
>> should get the no_advertise or no_export community.
>>
>> What is your opinion on this?
>>
>
> In RFC7999 section 3.2 the first paragraph talks about what you're
> mentioning, NO_EXPORT and/or NO_ADVERTISE. It uses the word SHOULD.
> SHOULD has special meaning in RFCs, it's not MUST. It's also not MAY.
> RFC2119 talks about the way these words should be interpreted. 
>
> In the next paragraph it says that extreme caution should be used when
> "purposefully propagating IP prefixes tagged with the BLACKHOLE
> community outside the local routing domain, unless policy explicitly
> aims at doing just that."
>
> So if your local routing policy is to propagate those blackholes on to
> your upstreams (and it's mutually agreed and they're configured to
> accept them), then it can be done. Nothing technical in the RFC
> stopping that. 
>
> Theo
>
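
The export policy discussed in this thread, sketched as an added example that is not part of the original messages: blackhole routes stay local with NO_EXPORT by default and are forwarded only to an upstream that has explicitly agreed, with the community rewritten to the one that upstream expects. The ASNs, prefixes, the upstream community value, the `UPSTREAM_RTBH` table and the host-route-only rule are assumptions made for illustration.

```python
import ipaddress

BLACKHOLE = (65535, 666)    # RFC 7999
NO_EXPORT = (65535, 65281)  # RFC 1997

# Constructed sample data: documentation prefixes and documentation ASNs.
CUSTOMER_PREFIXES = {64500: [ipaddress.ip_network("192.0.2.0/24")]}
# Hypothetical: upstreams that agreed to accept forwarded blackholes, and the
# community each one expects on them.
UPSTREAM_RTBH = {64496: (64496, 666)}


def authorized(customer_as, prefix):
    """True if prefix is covered by space registered to this customer."""
    return any(p.version == prefix.version and prefix.subnet_of(p)
               for p in CUSTOMER_PREFIXES.get(customer_as, []))


def export_decision(customer_as, prefix, communities, upstream_as):
    """Return (advertise, communities) for one customer route and one upstream."""
    prefix = ipaddress.ip_network(prefix)
    comms = set(communities)
    if BLACKHOLE not in comms:
        return NO_EXPORT not in comms, comms      # ordinary route
    if not authorized(customer_as, prefix):
        return False, set()                       # not the customer's space: reject
    host_route = prefix.prefixlen == prefix.max_prefixlen
    if upstream_as not in UPSTREAM_RTBH or not host_route:
        return False, comms | {NO_EXPORT}         # RFC 7999 default: keep it local
    # Explicit, mutually agreed policy: forward with the upstream's community.
    return True, (comms - {BLACKHOLE, NO_EXPORT}) | {UPSTREAM_RTBH[upstream_as]}


if __name__ == "__main__":
    for upstream in (64496, 64497):
        print(upstream, export_decision(64500, "192.0.2.10/32", [BLACKHOLE], upstream))
```
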