Attacks on BGP Routing Ranges

Roland Dobbins rdobbins at arbor.net
Thu Apr 19 03:01:46 UTC 2018


On 18 Apr 2018, at 18:03, Ryan Hamel wrote:

> Could you explain how this can resolve my issue? I am not sure how 
> this would work.

You should have iACLs and GTSM enabled, as noted previously.

Ideally, the link should come from an unadvertised range, or a range 
which is sunk to null0 at the edge, as Job indicated.

If the link is numbered from a range assigned to your peer, they should 
have iACLs in place to prevent that range being packeted.

If the link is numbered from your own range, you should ask your peer to 
add that range to their iACLs, as well.

This .pdf preso discusses infrastructure self-protection concepts:

<https://app.box.com/s/osk4po8ietn1zrjjmn8b>

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
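
The three controls named in the message above (iACL, GTSM, and a null0 sink for the link range), written out as an edge-router configuration. This is an added example, not configuration from the thread or from the poster. The thread names no platform, so the Cisco IOS-style syntax is an assumption, and the addresses, AS numbers, ACL name and interface are constructed from documentation ranges.

```cisco
! Constructed values (not from the thread):
!   198.51.100.0/24  infrastructure block, never advertised to peers
!   198.51.100.0/31  peering link: .0 = this router, .1 = the peer
!   AS 64496 = local, AS 64511 = peer (documentation ASNs)
!
! iACL: only the configured peer may talk BGP to our link address;
! everything else addressed to the infrastructure block is dropped,
! and transit traffic passing through the router is left alone.
ip access-list extended IACL-EDGE-IN
 remark BGP session opened by the peer toward us
 permit tcp host 198.51.100.1 host 198.51.100.0 eq bgp
 remark return traffic for a session opened by us
 permit tcp host 198.51.100.1 eq bgp host 198.51.100.0
 remark nothing else may be sent to infrastructure addresses
 deny   ip any 198.51.100.0 0.0.0.255
 remark customer and transit traffic
 permit ip any any
!
interface GigabitEthernet0/0
 description eBGP link to AS 64511
 ip address 198.51.100.0 255.255.255.254
 ip access-group IACL-EDGE-IN in
!
! GTSM: we send BGP packets with TTL 255 and accept them only with
! TTL >= 254, so packets sourced more than one hop away are discarded
! before they reach the BGP process. The peer must enable it as well.
router bgp 64496
 neighbor 198.51.100.1 remote-as 64511
 neighbor 198.51.100.1 ttl-security hops 1
 ! no "network" statement for 198.51.100.0/24: the block stays unadvertised
!
! Null0 sink: on every edge router the covering block is routed to Null0.
! The connected /31 is more specific, so the local session still works.
! Assumes the /31 is not carried in the IGP (iBGP uses next-hop-self).
ip route 198.51.100.0 255.255.255.0 Null0
```

If the link is numbered from the peer's range instead, the `deny` line belongs in the peer's iACL, as the message says.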


