<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16544" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=494561413-03022008><FONT face=Arial
color=#0000ff size=2>Yes, absolutely, if an agreement could be reached <SPAN
class=868381613-03022008>- then </SPAN>that is a neater solution, but I wonder
if an agreement could ever be reached in a timescale that doesn't make
deployment of the alternative more attractive as it doesn't require everyone to
agree.</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Rick Astley [mailto:jnanog@gmail.com]
<BR><B>Sent:</B> 03 February 2008 06:56<BR><B>To:</B> Ben Butler<BR><B>Cc:</B>
nanog@merit.edu<BR><B>Subject:</B> Re: Blackholes and IXs and Completing the
Attack.<BR></FONT><BR></DIV>
<DIV></DIV>I see your point, but I think maintaining the box for the control
session would also require a decent amount of work.<BR>Presumably, since you
must all adhere to some quasi-standard to communicate with the control peer, you
could probably also agree on creating a standard BGP community (i.e. 64666:666
&amp; no-export) to use and just skip the middle man.<BR><BR>Granted, I am kind
of new as well, and I assume if the solution were that simple more people would
be using it.<BR><BR><BR>
<DIV class=gmail_quote>On Feb 2, 2008 9:07 PM, Ben Butler &lt;<A
href="mailto:ben.butler@c2internet.net">ben.butler@c2internet.net</A>&gt;
wrote:<BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2>Hi,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN><FONT face=Arial color=#0000ff size=2>Agreed,
but when you have &gt;100 peers that is still a fair bit of work.
</FONT></SPAN><SPAN><FONT face=Arial color=#0000ff size=2>I know technically
how to do it and am doing this with transits but then there are only seven of
those. It is not a question of how or can, but should / is it valuable /
constructive?</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN>The starting point in the
thought process having just done it for transits was right ok, now how do we
sensibly scale this to apply it at IXes without everyone having to run round
contacting everyone else and to see if there was an easier way of doing
things, hence the suggestion. Plus it keeps things nice and separated,
your IX peering sessions announce just the main prefixes, the session to the
"blackhole reflector" can be in a separate peer-group and you only send the
/32s to the reflector. You don't have to worry about who uses which
communities as each member that chooses to peer with the reflector is able to
apply inbound routemaps of their own choosing to any prefixes they receive
from this reflector at each individual IX.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN>Given that an ISP has elected
to Complete the attack on a host that is being DoSed, for whatever reason, and
they have chosen to send blackhole announcements to transit, the logical
extension seems to be to automate the sending of them to IXs to try to further
cut down on traffic. This seems like an easy way, internally you just
community tag on the trigger box for where you want the announcement to go,
transit, internal, customers, IX all,1 2 not 3 - whatever - and BGP sends it
out. Easy, and a single system to send out all updates when you choose to and
easy to remove when you want to take it out again.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN>If you subscribe to
completing the attack as a strategy, then the suggestion seemed like an easy
way of rolling it out to the next logical point after
transit.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN>Kind
Regards</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN>Ben</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff
size=2></FONT><BR></DIV></DIV></BLOCKQUOTE></DIV><BR></BODY></HTML>