69/8...this sucks -- Centralizing filtering..

Barry Raveendran Greene bgreene at cisco.com
Mon Mar 10 19:17:55 UTC 2003




> CLM> From: Christopher L. Morrow
> 
> CLM> This can be VERY dangerous, the default part at least. At one
> CLM> point we, as an experiment in stupidity (it turns out)
> CLM> announced 0/1 (almost default).  We quickly received well
> CLM> over 600kpps to that announcement. This in a very steady
> 
> Announced via IGP or BGP?  I hope/assume the former, but am
> somewhat surprised at the traffic volume... even for UUNet.


I'm not surprised. My experience with defaults in ISPs is the same. The router
advertising the default (or any large prefix) becomes a "packet vacuum" for any
spoofed source packet returning backscatter and all those other auto-bots and
worms looking for vulnerable machines. It turns the router into a sink hole.

What saves many providers today is that these large route injections are spread
across all their peering routers. This is like anycasting the prefix
advertisements. What people are discussing is putting these advertisements on
anycasted Sink Holes. So instead of having the CIDR prefixes and the Null 0
lock-ups on the peering routers, you would put them on anycast Sink Hole
routers. The anycast spreads the packet black hole load over several sink holes
spread over the network. 

Barry



