Blackhole Routes

Richard A Steenbergen ras at e-gerbil.net
Thu Sep 30 20:07:48 UTC 2004


On Thu, Sep 30, 2004 at 11:43:42AM -0700, Wayne E. Bouchard wrote:
> 
> Yes, well, in my case, I go through a dedicated server with multi-hop
> sessions and set a prefix limit of 25 or so so I don't get bombarded
> with 5 billion /32 routes and don't send those routes upstream. (I try
> to play nice when possible.) I expect that the upstreams have various
> defense mechanisms of their own to protect them against me
> misconfiguring my boxes as well. (It only makes sense..)

This tends to work better for a variety of reasons. Most importantly, a 
dedicated session with a dedicated prefix-list can easily be configured to 
accept up to /32s for blackhole routes only, it can easily be configured 
to tag all routes received no-export, and it can easily be placed into a 
separate prefix-limit which will not affect production traffic forwarding 
if something goes wrong. Also, if you have customers attached to Juniper 
routers, you need to have the sessions configured multihop anyways, in 
order to turn on the ability to rewrite next-hop.

That said, it is still absolutely silly that we can't standardize on a 
globally accepted blackhole community. A provider with many transit 
upstreams who wishes to pass on blackhole routes for their customers could 
quickly find themselves with some very messy configs and announcements 
trying to get everyone's specific blackhole community in place. I know 
we've all been tossing this idea around for a number of years, but if it 
hasn't been done already will someone please get this put into a draft 
already.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
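
The import policy described in the message above (a dedicated prefix-list accepting up to /32s, no-export tagging, and a separate prefix-limit), modeled as an added example that is not part of the original post. The class name, the documentation prefixes, and the limit of 2 are assumptions chosen for illustration; this is a model of the policy, not router configuration.

```python
import ipaddress

NO_EXPORT = "no-export"  # well-known BGP community (RFC 1997)

class BlackholeSession:
    """Model of the import policy on a dedicated blackhole session (hypothetical class)."""

    def __init__(self, customer_prefixes, prefix_limit=25):
        self.allowed = [ipaddress.ip_network(p) for p in customer_prefixes]
        self.prefix_limit = prefix_limit
        self.routes = {}   # accepted prefix -> set of communities
        self.up = True

    def receive(self, prefix, communities=()):
        """Return (accepted, reason) for one announcement on this session."""
        if not self.up:
            return False, "session down"
        try:
            net = ipaddress.ip_network(prefix)  # strict: rejects host bits set
        except ValueError:
            return False, "malformed prefix"
        # Dedicated prefix-list: anything inside the customer's space, up to /32.
        if not any(net.version == a.version and net.subnet_of(a)
                   for a in self.allowed):
            return False, "outside customer prefix-list"
        if net not in self.routes and len(self.routes) >= self.prefix_limit:
            # Separate prefix-limit: only this session drops; the production
            # session and its forwarding are untouched.
            self.up = False
            self.routes.clear()
            return False, "prefix-limit exceeded, blackhole session torn down"
        # Every accepted route is tagged so it is never sent upstream.
        self.routes[net] = set(communities) | {NO_EXPORT}
        return True, "blackholed, tagged no-export"

def demo():
    # Constructed sample input using documentation address space.
    s = BlackholeSession(["192.0.2.0/24"], prefix_limit=2)
    return [
        s.receive("192.0.2.10/32"),    # customer's own host route
        s.receive("198.51.100.7/32"),  # someone else's address space
        s.receive("192.0.2.11/32"),
        s.receive("192.0.2.12/32"),    # third route trips the limit of 2
        s.receive("192.0.2.13/32"),    # session is already down
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```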


