[c-nsp] Sinkhole Routing
Marko Milivojevic
markom at pangalactic.net
Wed Sep 29 09:14:34 EDT 2004
> I've also heard of scenarios where a customer will announce their entire
> aggregate with the blackhole tag, and then generate more specific
> announcements without. The provider accepts the aggregate, processes it
> internally as blackhole, and advertises it to their friends and neighbors
> normally. The provider also accepts the more specifics, passes them
> throughout their network, and allows the more specific announcement to
> override the "default" blackhole behavior.
>
> Took me a bit to re-engineer my customer inbound route maps, but a very
> logical application nonetheless.
This is actually quite brilliant, if your upstream will: A) accept all
the more-specific routes you decide to throw at him (this includes all those
/32 loopbacks and /30 interconnections) and B) announce the blackholed route
to his peers (which may or may not be the case).

Assuming your upstream will do A and B from the above, this also quite
considerably lowers "background noise" in your network (if you have a large
allocation and you are paying for the actual traffic, this could lower the
bill considerably) and makes it easier to blackhole the poor victim.
***
Unfortunately, I am not sure how much all of this helps our original
poster, who seems to be in DoS trouble, but unable to realise that there is
nothing he can do about it without his ISP :-(.
Marko.
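
The behaviour discussed in this thread, as an added example that is not part of the original post: a small longest-prefix-match model of the provider's routing table, holding an aggregate tagged blackhole plus untagged more-specifics. The community value 65000:666, the prefixes and the class and function names are assumptions constructed for illustration.

```python
import ipaddress

BLACKHOLE = "65000:666"  # assumed community value; the thread names none


class ProviderRib:
    """Provider-side view: longest-prefix match over customer announcements."""

    def __init__(self):
        self.routes = {}  # ip_network -> True if tagged blackhole

    def announce(self, prefix, communities=()):
        self.routes[ipaddress.ip_network(prefix)] = BLACKHOLE in communities

    def withdraw(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, dst):
        """Return (action, matching prefix) for one destination address."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return ("no-route", None)
        best = max(matches, key=lambda n: n.prefixlen)  # most specific wins
        return ("discard" if self.routes[best] else "forward", str(best))


def build_example():
    rib = ProviderRib()
    # Constructed sample announcements (RFC 5737 documentation space).
    rib.announce("198.51.100.0/24", communities=(BLACKHOLE,))  # aggregate, tagged
    rib.announce("198.51.100.0/26")    # in-use LAN, untagged
    rib.announce("198.51.100.64/30")   # interconnection link, untagged
    rib.announce("198.51.100.255/32")  # loopback, untagged
    return rib


if __name__ == "__main__":
    rib = build_example()
    # Addresses in use are forwarded; unused space inside the aggregate is dropped.
    for dst in ("198.51.100.10", "198.51.100.65", "198.51.100.255", "198.51.100.200"):
        print(dst, rib.lookup(dst))
    # Withdrawing a more-specific lets the tagged aggregate take over again.
    rib.withdraw("198.51.100.0/26")
    print("after withdraw:", rib.lookup("198.51.100.10"))
```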