[Outages-discussion] Cogent disconnecting Russia

Grant Taylor gtaylor at tnetconsulting.net
Fri Mar 4 15:42:44 EST 2022


On 3/4/22 1:19 PM, Anthony Hoppe wrote:
> wouldn't all providers that have trunks to Russia need to be in 
> agreeance?  If some providers turn down their Russia trunks, wouldn't 
> that just cause the traffic to be re-routed over the remaining trunks? 
> Thus then causing a domino affect of overloading those who chose to 
> remain up?

I can see a way that operators could be more devious.  Leave their 
trunks up and BGP neighbor sessions established.  Re-advertise things 
through the BGP neighbor sessions like they have been, but null route 
things across the trunks.  Thus operating as a black hole for traffic 
local to the peer and attracting traffic from the other side of the peer.

I can also see re-advertising the prefixes into the global BGP network 
so that others can then implement similar null routes on their systems 
much further away from the actual peering connections.

There are more questionable / dishonest things that can be done, like 
originating new /24 advertisements (possibly with fake origins) towards 
Russia with a very short AS Path, in the hopes of attracting traffic to 
null routes.

Or, feed 256^3 /24 prefixes to purposefully try to overload equipment.

In short, simply shutting down the interfaces would in some ways be the 
nicer option in that there are less nice options.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20220304/47e25fed/attachment.p7s>


More information about the Outages-discussion mailing list