[j-nsp] Am I carrying this route or not ?

Zehef Poto mpdechets at gmail.com
Sun Mar 24 16:24:43 EDT 2013


Thank you Payam. I think I got what you mean.

In this particular case however, the X/22 route is not a customer or
anything. It is the IXP's peering LAN !

So... It means that the person requested all the IXP's members to
null-route the whole peering LAN ? How can you possibly ask for this ?

I peer with several members within this LAN. If I null-route the X/22 LAN,
we agree that my peering sessions will go down, right ?

Thanks again,

2013/3/24 Payam Chychi <pchychi at gmail.com>

>  Carry a route is the same as accepting a route and having it become
> active, allowing traffic to traverse your network to the destination. In
> this case the user is asking you to drop the route (attack traffic) at your
> edge if possible and not to carry it through your network and deliver it to
> the end destination(his network) because its probably saturating or causing
> him performance issues.
>
> Normally networks well have a global community string that they can tag a
> route with and it will send it to null0, dropping that traffic at the edge
> v.s the user withdrawing its -/24 route from the advertise table. You can
> also go on the peering router and set the next hop route for the attacked
> destination ip to null0 (discard) and only traffic traversing that one
> router well drop the traffic (global community well handle this if you
>  have a multi homed network)
>
> Local nullroute example:
> "Set routing-options static route x.x.x.x/32 discard" ... Something like
> this
>
> All your doing is dropping traffic for x.x.x.x/x at your edge, most cases
> its a /32 nullroute.
>
> Google is your friend :)
> Cheers,
> --
> Payam Chychi
> Network Engineer / Security Specialist
>
> On Sunday, 24 March, 2013 at 6:47 AM, Zehef Poto wrote:
>
> Hey guys,
>
> Thank you all for the very valuable input. Actually yes, Tobias is right,
> I'm having this question because of the (quoted by Tobias) e-mail we got
> yesterday across several IXPs.
>
> I just don't understand what is to "carry a route in my backbone". Am I not
> supposed to know all of (or most of) the Internet routes, since I work with
> tier-1 upstream providers ? As a consequence, it means I'm carrying all
> these routes right ?
>
> A "show route X/22" tells that it was advertised by an eBGP peer on one of
> my edge routers, and the three other ones learnt this same route via OSPF.
>
> This is where I'm completely confused. What am I supposed to do to "carry"
> a route or not ?
>
> Thanks again,
>
> 2013/3/24 Tobias Heister <lists at tobias-heister.de>
>
> Hi All,
>
> Am 24.03.2013 00:26, schrieb Jeff Wheeler:
>
> Whoever that person is that said something about "use next-hop-self"
> in this context, either you misunderstood them, or you shouldn't
> listen to them anymore. That has nothing to do with looking to see if
> your router knows about a route.
>
>
> This sounds like the OP wants to help the cloudfare guys who send the
> following mail to DECIX/AMSIX (and probably other IX) yesterday.
>
> We're currently seeing a very large attack directed to our IP on AMS-IX
>
> (X).
>
>
> We request that all peers:
>
> 1) Don't carry this route (X/22) in your backbone. (you can set
>
> next-hop-self, etc). It'll save other security concerns and possible free
> transit you're giving away to others.
>
> 2) Filter any traffic within to the AMS-IX exchange fabric (again,
>
> X/22), except for your point to [multi]point BGP communications.
>
> --
> Kind Regards
> Tobias Heister
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>


More information about the juniper-nsp mailing list