BGP route flap damping
Kim Onnel
karim.adel at gmail.com
Wed Jan 18 09:58:19 UTC 2006
Do this, configure and use blackhole routing with your upstream, this is how
you stop an attack
How to detect it, use netflow.
On 1/16/06, Patrick W. Gilmore <patrick at ianai.net> wrote:
>
>
> On Jan 16, 2006, at 8:48 AM, Gustavo Rodrigues Ramos wrote:
>
> > Patrick W. Gilmore wrote:
> >>
> >> Not much you can do about this in general. In your specific case,
> >> since we don't know why your sessions died, we don't know what to
> >> suggest to stop it. Perhaps change the timers with your upstream?
> >
> > My BGP connections (and annoucements) with/to my ISPs are all fine.
> >
> > The problem takes place five or six AS far from me... Where I can't do
> > much. I still can't reach some prefixes announced by large ISPs.
> >
> > At the first time, I thought an e-mail to the NOC of the network I
> > can't
> > reach can solve the problem, but it was a waste of time...
>
> I'm a little confused.
>
> Are you saying you dampened the prefixes of some other network? If
> so, it sounds like this is 100% in your control.
>
> If the BGP sessions between you and your upstreams / peers never
> flapped, no one should have dampened you. (I can see it possibly
> happening if someone else in the path between you and $OtherNetwork
> is attacked and therefore flaps your routes, but that would affect a
> lot of networks, not just you.)
>
> --
> TTFN,
> patrick
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060118/71259a26/attachment.html>
More information about the NANOG
mailing list