RIPE NCC publishes case study of youtube.com hijack
Jeff Aitken
jaitken at aitken.com
Fri Feb 29 18:14:23 UTC 2008
On Fri, Feb 29, 2008 at 06:46:15AM -0800, David Ulevitch wrote:
> The point is -- Restrictive customer filtering can also bite you in the
> butt. Trying to require your providers to do a "ge 19 le 25" (or
> whatever your largest supernet is), rather than filters for specific
> prefix sizes seems a worthwhile endeavor so you can de-aggregate on the
> fly, as necessary.
If you support community-based blackholes, your customers want/need to be
able to advertise up to /32. At a previous job we defined customer
prefix-filters as "prefix/mask upto 32" and then applied a reasonable
max-prefix setting[1]. This allowed customers to send us a reasonable
number of deaggregates for blackholing or TE purposes but protected us
from a full-on leak/deaggregation event. Needless to say, each prefix
with a mask longer than /24 was tagged with no-export as well, so those
longer prefixes weren't propagated beyond our network.
[1] We had a limited number of customer buckets... IIRC something like 2500,
5000, 15000, and 25000. That keeps the number of different configurations
to a minimum number but still gives adequate protection.
--Jeff
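The inbound policy Jeff describes (accept the customer's aggregate or any more-specific of it down to /32, cap the session with a max-prefix bucket, and mark anything longer than /24 no-export so it never leaves the network) modelled in Python, as an added example that is not part of the original post or anyone's router configuration. The bucket sizes are the ones recalled in the post; the customer name, the 192.0.2.0/24 and 198.51.100.0/24 prefixes (documentation space), and the max-prefix limit of 4 are constructed so the teardown is visible in a handful of announcements. IPv4 only, as in the post.

```python
import ipaddress
from dataclasses import dataclass, field

# Max-prefix buckets as the post recalls them; a customer gets the smallest one that fits.
MAX_PREFIX_BUCKETS = (2500, 5000, 15000, 25000)
# Well-known NO_EXPORT community (RFC 1997, 65535:65281).
NO_EXPORT = "no-export"
# Longest mask we will propagate beyond our own network.
EXPORT_MAX_PREFIXLEN = 24


def bucket_for(expected_prefixes: int) -> int:
    """Smallest standard bucket that accommodates the expected prefix count."""
    for bucket in MAX_PREFIX_BUCKETS:
        if expected_prefixes <= bucket:
            return bucket
    raise ValueError("exceeds largest bucket; needs a hand-configured limit")


@dataclass
class CustomerSession:
    """Toy model of one customer eBGP session's inbound policy (hypothetical)."""
    name: str
    allowed: list            # aggregates the customer may originate (IPv4Network)
    max_prefix: int          # max-prefix limit for the session
    accepted: dict = field(default_factory=dict)   # IPv4Network -> set of communities
    rejected: list = field(default_factory=list)
    torn_down: bool = False

    def receive(self, prefix_str: str, communities=()) -> str:
        """Apply the inbound policy to one announced prefix; return the verdict."""
        if self.torn_down:
            return "session-down"
        prefix = ipaddress.IPv4Network(prefix_str, strict=True)
        # "prefix/mask upto 32": accept the aggregate itself or any more-specific of it.
        if not any(prefix.subnet_of(agg) for agg in self.allowed):
            self.rejected.append(prefix)
            return "rejected"
        # max-prefix: one new prefix over the limit tears the session down and
        # drops everything learned from it, which is the protection against a leak.
        if prefix not in self.accepted and len(self.accepted) >= self.max_prefix:
            self.torn_down = True
            self.accepted.clear()
            return "session-down"
        comms = set(communities)
        # Anything longer than /24 (blackholes, TE deaggregates) stays inside our network.
        if prefix.prefixlen > EXPORT_MAX_PREFIXLEN:
            comms.add(NO_EXPORT)
        self.accepted[prefix] = comms
        return "accepted"

    def exportable(self) -> list:
        """Prefixes that would be announced onward to our own upstreams and peers."""
        return sorted(str(p) for p, c in self.accepted.items() if NO_EXPORT not in c)


def run_demo() -> dict:
    # Constructed example: customer owns 192.0.2.0/24 (documentation space); the
    # limit of 4 is a toy value so the teardown is visible, not one of the real buckets.
    sess = CustomerSession(
        name="cust-a",
        allowed=[ipaddress.IPv4Network("192.0.2.0/24")],
        max_prefix=4,
    )
    announcements = [
        "192.0.2.0/24",     # the aggregate
        "192.0.2.77/32",    # blackhole a single host
        "198.51.100.0/24",  # not the customer's space: filtered
        "192.0.2.0/25",     # TE deaggregate
        "192.0.2.128/25",   # TE deaggregate
        "192.0.2.64/26",    # fifth unique prefix: over the limit
    ]
    verdicts = {p: sess.receive(p) for p in announcements[:5]}
    exportable_before = sess.exportable()   # what leaves the network before the leak
    verdicts[announcements[5]] = sess.receive(announcements[5])
    return {
        "verdicts": verdicts,
        "exportable_before_leak": exportable_before,
        "down": sess.torn_down,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Only the /24 aggregate ever reaches the outside world in this run; the host route and the two /25s are accepted for local blackholing and traffic engineering but carry no-export, and the sixth distinct prefix trips the max-prefix limit and takes the session down. On a real router the corresponding knobs are the prefix-list/route-filter with an "upto /32" style match, the neighbour's maximum-prefix setting, and an import policy that adds no-export for masks longer than /24.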