Blackhole Routes
Mark Kasten
mark.kasten at savvis.net
Thu Sep 30 20:47:30 UTC 2004
Richard A Steenbergen wrote:
> That said, it is still absolutely silly that we can't standardize on a
> globally accepted blackhole community. A provider with many transit
> upstreams who wishes to pass on blackhole routes for their customers could
> quickly find themselves with some very messy configs and announcements
> trying to get everyone's specific blackhole community in place. I know
> we've all been tossing this idea around for a number of years, but if it
> hasn't been done already will someone please get this put into a draft
> already.
>
The problem with this is authentication. I can authenticate prefixes my
customers advertise to me (as much as currently possible anyway). I can't
authenticate a prefix coming in from a peer that is not filtered. If an
ISP were to accept any prefix with 65535:666 as a triggered blackhole,
how do you trust that? As much as I agree that a global blackhole
community would be nice, that's a big gotcha with potential liability
attached.
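
The trust distinction raised in the reply above can be written as an ingress decision. This is an added example, not part of the original post or any provider's configuration: the session labels, action names and sample prefixes are assumptions, and only the 65535:666 community value comes from the thread.

```python
import ipaddress
from dataclasses import dataclass, field

BLACKHOLE = "65535:666"  # community value quoted in the post


@dataclass
class Session:
    name: str
    kind: str  # "customer" or "peer" (labels assumed for this sketch)
    # Prefixes the neighbor is registered to announce (constructed data).
    allowed: list = field(default_factory=list)


def covered(prefix, allowed):
    """True if prefix equals, or is a more-specific of, an allowed prefix."""
    net = ipaddress.ip_network(prefix)
    for entry in allowed:
        parent = ipaddress.ip_network(entry)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if net.version == parent.version and net.subnet_of(parent):
            return True
    return False


def decide(session, prefix, communities):
    """Return the action (hypothetical names) for one received announcement."""
    tagged = BLACKHOLE in communities
    if session.kind == "customer":
        # The customer prefix filter is the only authentication available.
        if not covered(prefix, session.allowed):
            return "reject"
        return "blackhole" if tagged else "accept"
    # Unfiltered peer: nothing ties the prefix to the sender, so the tag
    # is never allowed to trigger a null route.
    return "strip_and_accept" if tagged else "accept"


# Constructed sample sessions using documentation prefixes.
CUSTOMER = Session("cust-a", "customer", ["192.0.2.0/24"])
PEER = Session("peer-b", "peer")

if __name__ == "__main__":
    for sess, pfx in [(CUSTOMER, "192.0.2.10/32"),
                      (CUSTOMER, "198.51.100.7/32"),
                      (PEER, "192.0.2.10/32")]:
        print(sess.name, pfx, decide(sess, pfx, {BLACKHOLE}))
```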
More information about the NANOG mailing list