Fwd: Re: Digital Island sponsors DoS attempt?

• Previous message (by thread): Fwd: Re: Digital Island sponsors DoS attempt?
• Next message (by thread): Four Arrested in Pedophile Sting
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 29, 2001 at 11:53:05AM -0800, Paul A Vixie wrote:
> ok, so how do you handle a situation like orbs/abovenet as in late 1999?

I don't have the AUP's in question so my speculation is going to be
tainted.  I would probably have told them that I would continue announcing
their route (with the known hole) and prepended the heck out of it
to cause people to deprefer that prefix.  Additionally, I might
have added a new community 6461:foo and registered that info in the IRR
saying that 6461:foo means that some customer is being abusive and
you're protecting the Internet from them.

The point, I guess, is you're AUP wasn't propagated.  You can only
enforce the AUP with your direct customer.

> (c) block traffic
> to/from the /24 in question after carefully notifying the /16 owner that
> this would be done and why.

This causes the least problems to your direct customer.  I can understand,
from a business perspective, how this was the preferred option.
However, it punished those who used your routes and wanted 
<no-value-judgement>
to reach ORBS
</no-value-judgement>
and rewarded your customer for lax AUP.

> as we all know, (c) was chosen.  great was the hue and even greater the cry.
> a recommendation was even made that if as6461 wasn't going to carry the whole
> /16 that it ought to chop it up and only advertise the parts it could reach,
> in spite of what these more-specifics would have done to the /16 owner's own
> routing policy (they were multihomed.)
> 
> what would YOU have done?  justify your answer.  (show all work.)

I've noted my preferred solution (equivalent to the DON'T PREFER ME
community proposed some time ago).  I also noted my opinions on
this a while back in the "How does one make not playing nice with 
each other scale? (Was: net.terrorism)" thread.

I'm asking/suggesting: Is this just a business issue?  Given the
way the routing system works today are we going to see a lot more
blackholes in the system?  Does the routing protocol need to be adjusted
to deal with this business need or should the AUP deal with it?

-- 
Jeff Haas 
NextHop Technologies

• Previous message (by thread): Fwd: Re: Digital Island sponsors DoS attempt?
• Next message (by thread): Four Arrested in Pedophile Sting
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]