[c-nsp] Route Aggregation and Deaggregation
Elmar K. Bins
elmi at 4ever.de
Thu Jul 19 03:04:28 EDT 2012
andrew at 2sheds.de (Andrew Miehs) wrote:
> On Thu, Jul 19, 2012 at 4:25 PM, Jennifer Pruett <jennypruett88 at gmail.com>wrote:
>
> > Thanks for the comments so far! I am too under the same logic; however, a
> > certain provider that provides traffic scrubbing (to remain anonymous) for
> > DoS attacks states that any prefixes that we announce to them for scrubbing
> > should be deaggregated from other providers so that no other providers
> >
> >
> What is this "scrubbing" that you are referring to?
My guess is: Blackholing unwanted traffic on the transit side.
In that case there's a good chance of traffic towards the deaggregated
/24 coming in via one of the other ISPs.
In order to make sure that traffic for the /24 only reaches you through
ISP1, you would have to advertise that /24 to ISP1 and all other /24s
in a somehow deaggregated sense (more likely /20+/21+/22+/23+/24) to
the other ISPs.
Yet, this would mean polluting the DFZ. The correct solution of course
is: If you need traffic scrubbing, either have all three ISPs do that,
or use a totally different network block for scrubbed traffic.
Elmar, not wanting to imagine this in an IPv6 environment...
More information about the cisco-nsp
mailing list