[c-nsp] Sinkhole Routing

Marko Milivojevic markom at pangalactic.net
Wed Sep 29 09:14:34 EDT 2004


> I've also heard of scenarios where a customer will announce their entire 
> aggregate with the blackhole tag, and then generate more specific 
> announcements without.  The provider accepts the aggregate, processes it 
> internally as blackhole, and advertises it to their friends and neighbors 
> normally.  The provider also accepts the more specifics, passes them 
> throughout their network, and allows the more specific announcement to 
> override the "default" blackhole behavior.
>
> Took me a bit to re-engineer my customer inbound route maps, but a very 
> logical application nonetheless.

    This is actually quite brilliant, if your upstream will: A) accept all 
the more-specific routes you decide to throw at him (this includes all those 
/32 loopbacks and /30 interconnections) and B) announce the blackholed route 
to his peers (which may or may not be the case).

    Assuming your upstream will do A and B from the above, this also quite 
considerably lowers "background noise" in your network (if you have a large 
allocation and you are paying for the actual traffic, this could lower the 
bill considerably) and makes it easier to blackhole the poor victim.

    ***

    Unfortunately, I am not sure how much all of this helps our original 
poster, who seems to be in DoS trouble, but unable to realise that there is 
nothing he can do about it without his ISP :-(.

Marko.
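
The scheme discussed in this message, modelled as a longest-prefix-match lookup in the provider's table. This is an added example, not code from the thread or from any provider; the community value `65000:666` and the prefixes (documentation address space) are constructed assumptions.

```python
import ipaddress

# Assumed community the provider treats as "blackhole" (constructed value).
BLACKHOLE = "65000:666"

# Constructed customer announcements: (prefix, communities).
ANNOUNCEMENTS = [
    ("198.51.100.0/24", {BLACKHOLE}),  # whole aggregate, tagged blackhole
    ("198.51.100.0/26", set()),        # in-use LAN, untagged
    ("198.51.100.80/32", set()),       # server host route, untagged
    ("198.51.100.128/30", set()),      # interconnection, untagged
    ("198.51.100.255/32", set()),      # loopback, untagged
]

def build_rib(announcements):
    """Map each accepted prefix to 'blackhole' or 'forward' based on its tag."""
    rib = {}
    for prefix, communities in announcements:
        action = "blackhole" if BLACKHOLE in communities else "forward"
        rib[ipaddress.ip_network(prefix)] = action
    return rib

def lookup(rib, address):
    """Longest-prefix match: the most specific covering route decides."""
    addr = ipaddress.ip_address(address)
    covering = [net for net in rib if addr in net]
    if not covering:
        return None, "no route"
    best = max(covering, key=lambda net: net.prefixlen)
    return str(best), rib[best]

def withdraw(rib, prefix):
    """Customer withdraws a more-specific; lookups fall back to the aggregate."""
    rib.pop(ipaddress.ip_network(prefix), None)

def demo():
    rib = build_rib(ANNOUNCEMENTS)
    results = {
        "lan_host": lookup(rib, "198.51.100.10"),   # covered by the /26
        "unused": lookup(rib, "198.51.100.200"),    # only the aggregate covers it
        "loopback": lookup(rib, "198.51.100.255"),  # covered by its /32
        "server": lookup(rib, "198.51.100.80"),
    }
    # The server is under attack: withdrawing its host route is enough,
    # because the blackholed aggregate is already in place underneath.
    withdraw(rib, "198.51.100.80/32")
    results["server_withdrawn"] = lookup(rib, "198.51.100.80")
    return results

if __name__ == "__main__":
    for name, (route, action) in demo().items():
        print(f"{name:17} {route:20} {action}")
```

Traffic to unannounced space inside the aggregate is dropped at the provider, which is the "background noise" reduction, and a single withdrawal moves a victim address from forwarded to dropped.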


