Blackhole Routes

• Previous message (by thread): Blackhole Routes
• Next message (by thread): Blackhole Routes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> It goes a little further than that these days. Folks are openly
> allowing customers to advertize routes with something lika a 666
> community which will then be blackholed within their network. So if
> you're a service provider with your own blackhole system, you can
> easily tie it into your upstream's system and dump the traffic many
> hops away from you meaning that the traffic is getting dumped closer
> to the source than the destination in a fair number of cases.
> 

This is very dangerous however.....

If providers start tying their customer's blackhole announcements to the 
provider's upstreams' blackhole announcements in an AUTOMATIC process, 
bad things <tm> are likely to happen. What happens when a customer of a 
provider mistakenly advertises more routes than he should [lets say 
specifics in case #1] you can flood your upstreams' routers with 
specifics and potentially cause flapping or memory overflows...

In case #2, presumably the blackhole community takes precedence, so if a 
customer is mistakenly readvertising their multihome provider's table 
with a 666 tag, all of the upstream providers might be blackholing the 
majority of their non-customer routes.

Non-automatic tying of customer blackholes to upstream or peer 
blackholes is a powerful tool to improve the stability of the net as a 
whole.

Deepak Jain
AiNET

• Previous message (by thread): Blackhole Routes
• Next message (by thread): Blackhole Routes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]