Blackhole Routes

Mark Kasten mark.kasten at savvis.net
Thu Sep 30 20:47:30 UTC 2004


Richard A Steenbergen wrote:


> That said, it is still absolutely silly that we can't standardize on a 
> globally accepted blackhole community. A provider with many transit 
> upstreams who wishes to pass on blackhole routes for their customers could 
> quickly find themselves with some very messy configs and announcements 
> trying to get everyone's specific blackhole community in place. I know 
> we've all been tossing this idea around for a number of years, but if it 
> hasn't been done already will someone please get this put into a draft 
> already.
> 

The problem with this is authentication.  I can authenticate prefixes my 
customers advertise me (as much as currently possible anyway).  I can't 
authenticate a prefix coming in from a peer that is not filtered.  If an 
ISP were to accept any prefix with 65535:666 as a triggered blackhole, 
how do you trust that?  As much as I agree that a global blackhole 
community would be nice, that's a big gotcha with potential liability 
attached.
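
Added example, not part of the original message: a Python model of the import decision described above, where the 65535:666 community is honoured only on customer sessions for prefixes inside that customer's filtered space and is never trusted on peer sessions. The neighbor names, prefix table and peer length limit are constructed assumptions.

```python
import ipaddress

BLACKHOLE = "65535:666"   # community value quoted in the message
MAX_PEER_LEN = 24         # assumption: peers may not send anything longer than /24

# Constructed sample data: prefixes each customer session is filtered to.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24")],
}

def evaluate(session_type, neighbor, prefix, communities):
    """Return (action, communities_kept) for one received announcement.

    action is "blackhole", "accept" or "reject".
    """
    net = ipaddress.ip_network(prefix)
    tagged = BLACKHOLE in communities

    if session_type == "customer":
        allowed = CUSTOMER_PREFIXES.get(neighbor, [])
        # The prefix must sit inside space this customer is authorised for;
        # this is the only authentication the blackhole request gets.
        covered = any(net.version == a.version and net.subnet_of(a)
                      for a in allowed)
        if not covered:
            return "reject", []
        return ("blackhole" if tagged else "accept"), list(communities)

    # Peer session: the prefix cannot be authenticated, so the blackhole
    # community is stripped and the route is judged as ordinary routing data.
    kept = [c for c in communities if c != BLACKHOLE]
    if net.version == 4 and net.prefixlen > MAX_PEER_LEN:
        return "reject", []
    return "accept", kept

if __name__ == "__main__":
    for case in [
        ("customer", "cust-a", "192.0.2.10/32", [BLACKHOLE]),
        ("customer", "cust-a", "198.51.100.7/32", [BLACKHOLE]),
        ("peer", "peer-x", "192.0.2.10/32", [BLACKHOLE]),
        ("peer", "peer-x", "203.0.113.0/24", [BLACKHOLE, "64500:100"]),
    ]:
        print(case, "->", evaluate(*case))
```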
