engineering --> ddos and flooding
Geoff Zinderdine
geoffz at mts.net
Mon Jun 4 07:36:17 UTC 2001
> Assuming not adding the extra connection, this means that upstream prefix
> filtering, so that one can't mistakenly inject 255 /24s rather than a
> single /16, would go out the window. Now think about /32s and what the
> routing tables will start to look like. Now consider that the upstream
> would also want to send to its upstream Tier-1 the NULLROUTE /32 as well so
> that his bandwidth is not eaten up as well and we have a situation whereby
> routing table size will triple in size every year.
This is a stopgap measure for customer networks. Those null-routed /32s are not
meant to be permanently advertised; they are meant to free the customer's pipe from
smurf/fraggle until the SP can do something about it. What would be the point of
permanently blackholing a host on your network?
I would imagine that most tier 1s are going to filter anything longer than a /24
whether you advertise it or not. The question isn't about route table size, it is
whether your SP will go the extra mile to give you a proactive option to deal with
attack and has someone clueful to implement it that will take responsibility for it
(not that it is hard).
This is a very limited measure that only helps in a very particular situation for a
small subset of customer networks. I think it is a very useful tool for that
particular situation... it is not meant as a principle that SP networks should apply
to their upstream as well.
Geoff Zinderdine
CCNP CCA MCP
MTS Communications Inc.
================================================================
The views expressed here are not necessarily those of my employer.
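The compromise argued over in this exchange (keep the upstream's max-length prefix filter, yet still let a customer announce a /32 for the upstream to discard, and never re-advertise that /32 toward the Tier-1) can be modelled as a small inbound/outbound policy. The code below is an added example and is not from the original message or from any provider's configuration. The customer allocation 192.0.2.0/24, the announcements and the class names are constructed for the example; the community value 65535:666 is the well-known BLACKHOLE community from RFC 7999, a standard that postdates this 2001 thread.

```python
"""Customer-session prefix policy with blackhole exception (added example).

The upstream keeps its usual rule (nothing longer than a /24 from a
customer), but accepts a host route when it lies inside the customer's
allocation and is tagged with the blackhole community. Such a route is
installed as a discard route on the upstream's own routers, so the flood
is dropped before it fills the customer's pipe, and it is never exported
to the upstream's own transit provider.

Constructed values: the allocation 192.0.2.0/24 (TEST-NET-1) and the
sample announcements. 65535:666 is the RFC 7999 BLACKHOLE community.
"""
from dataclasses import dataclass, field
import ipaddress

BLACKHOLE_COMMUNITY = "65535:666"   # RFC 7999 well-known BLACKHOLE value
MAX_NORMAL_PREFIXLEN = 24           # ordinary upstream max-length filter


@dataclass
class Announcement:
    prefix: str                             # e.g. "192.0.2.0/24"
    communities: set = field(default_factory=set)


@dataclass
class Decision:
    action: str                             # "accept", "blackhole" or "reject"
    reason: str


class CustomerPolicy:
    """Inbound policy the upstream applies to one customer BGP session."""

    def __init__(self, allocations):
        self.allocations = [ipaddress.ip_network(a) for a in allocations]

    def _within_allocation(self, net):
        # subnet_of() raises TypeError across address families, so match
        # the family first.
        return any(net.version == a.version and net.subnet_of(a)
                   for a in self.allocations)

    def evaluate(self, ann):
        try:
            # strict=True rejects prefixes with host bits set ("192.0.2.1/24")
            net = ipaddress.ip_network(ann.prefix, strict=True)
        except ValueError as exc:
            return Decision("reject", f"malformed prefix: {exc}")

        # Rule 1: only address space the customer actually holds.
        if not self._within_allocation(net):
            return Decision("reject", "prefix outside customer allocation")

        # Rule 2: a host route is accepted only as a blackhole, so the
        # max-length filter still catches accidental deaggregation.
        if net.prefixlen == net.max_prefixlen:
            if BLACKHOLE_COMMUNITY in ann.communities:
                return Decision("blackhole", "host route tagged for discard")
            return Decision("reject", "host route without blackhole community")

        # Rule 3: everything else must respect the ordinary length limit.
        if net.prefixlen > MAX_NORMAL_PREFIXLEN:
            return Decision("reject", f"longer than /{MAX_NORMAL_PREFIXLEN}")
        return Decision("accept", "within allocation and length limit")


def discard_routes(policy, announcements):
    """Prefixes the upstream installs as local discard (null) routes."""
    return [a.prefix for a in announcements
            if policy.evaluate(a).action == "blackhole"]


def export_to_upstream(policy, announcements):
    """Prefixes re-announced to the Tier-1: blackholes stay local, which
    is why they never inflate anyone else's routing table."""
    return [a.prefix for a in announcements
            if policy.evaluate(a).action == "accept"]


if __name__ == "__main__":
    policy = CustomerPolicy(["192.0.2.0/24"])
    sample = [
        Announcement("192.0.2.0/24"),
        Announcement("192.0.2.128/25"),
        Announcement("192.0.2.7/32"),
        Announcement("192.0.2.7/32", {BLACKHOLE_COMMUNITY}),
        Announcement("198.51.100.9/32", {BLACKHOLE_COMMUNITY}),
    ]
    for ann in sample:
        d = policy.evaluate(ann)
        print(f"{ann.prefix:18} {d.action:9} {d.reason}")
    print("discard:", discard_routes(policy, sample))
    print("export :", export_to_upstream(policy, sample))
```

Running the block accepts the aggregate /24, rejects the bare /25 and the untagged /32, installs the tagged /32 as a discard route, rejects the tagged /32 that is outside the customer's block, and exports only the /24 onward.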