Communities for blackholes (was: re: net.terrorism)

Joshua Goodall joshua at roughtrade.net
Tue Jan 9 15:55:40 UTC 2001
On Tue, 9 Jan 2001, Adrian Chadd wrote:

> The problem with communities here is that:
> 
> * bgp communities apply to a route announcement, not an arbitrary network.
>   The /16 is being announced here and passing through above.net, and if
>   above.net wanted to tag the specific host they'd have to announce the /32.

Which shouldn't be a problem for transit customers, and I'd have a hard
time believing that Above's European edges don't have the CPU/memory to
carry the set of blackholes.

> * besides the few well-known ones, each router participating needs to
>   know what the community maps to.

Hopefully not a major configuration issue for either party.

Why would anyone want to do this, given that blackholing is generally only
against abusive hosts? Here's one hypothetical: Let's say you run a
database of known open relays. You have transit from a stable,
well-maintained provider.

However... you don't want your transit RBLd (etc), or your system may
return false negatives. Perhaps there are other reasons. For example, that
reverse lookup "relaytest.orbs.vuurwerk.nl" indicates experimentation, not
abuse.

How's that for a more positive suggestion?

joshua
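A constructed example of the community-to-blackhole mapping that, as Adrian notes, each participating router has to be told about; it is added here and is not from the original thread. It is Cisco IOS-style configuration for a transit edge (AS 65000) and its customer (AS 65001); the community value 65535:666 (later standardized as BLACKHOLE in RFC 7999), the documentation addresses and the AS numbers are all assumptions, and the customer's aggregate is shown as a /24 rather than the /16 discussed above.

```cisco
! ===== Transit edge (AS 65000): constructed example =====
! Discard next hop: every router carrying this static drops
! traffic for any BGP route whose next hop resolves to it.
ip route 192.0.2.1 255.255.255.255 Null0
!
! Community the customer tags /32 blackhole announcements with
! (65535:666 is an assumed value, matching RFC 7999 BLACKHOLE).
ip community-list standard BLACKHOLE permit 65535:666
!
! Accept /32s only from inside the customer's own aggregate, so a
! customer can blackhole only hosts it actually originates.
ip prefix-list CUST-BLACKHOLE seq 10 permit 203.0.113.0/24 ge 32
ip prefix-list CUST-AGGREGATE seq 10 permit 203.0.113.0/24
!
route-map CUSTOMER-IN permit 10
 description tagged /32 inside customer space -> blackhole
 match ip address prefix-list CUST-BLACKHOLE
 match community BLACKHOLE
 set ip next-hop 192.0.2.1
 set community no-export additive
route-map CUSTOMER-IN permit 20
 description normal customer aggregate, no rewrite
 match ip address prefix-list CUST-AGGREGATE
! implicit deny: any other prefix (including untagged /32s) is refused
!
router bgp 65000
 neighbor 198.51.100.2 remote-as 65001
 neighbor 198.51.100.2 route-map CUSTOMER-IN in
!
! ===== Customer (AS 65001): originate and tag the /32 =====
ip route 203.0.113.77 255.255.255.255 Null0
ip prefix-list VICTIM seq 10 permit 203.0.113.77/32
route-map BLACKHOLE-OUT permit 10
 match ip address prefix-list VICTIM
 set community 65535:666 additive
route-map BLACKHOLE-OUT permit 20
!
router bgp 65001
 network 203.0.113.77 mask 255.255.255.255
 neighbor 198.51.100.1 remote-as 65000
 neighbor 198.51.100.1 send-community
 neighbor 198.51.100.1 route-map BLACKHOLE-OUT out
```

On the transit side the rewritten next hop (192.0.2.1) must survive inside the provider's network, so iBGP sessions need send-community and must not apply next-hop-self to these routes, and each core router needs its own static to Null0 for the discard address. Withdrawing the /32 at the customer lifts the blackhole network-wide.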
