[Outages-discussion] Cogent disconnecting Russia
Grant Taylor
gtaylor at tnetconsulting.net
Fri Mar 4 15:42:44 EST 2022
On 3/4/22 1:19 PM, Anthony Hoppe wrote:
> wouldn't all providers that have trunks to Russia need to be in
> agreeance? If some providers turn down their Russia trunks, wouldn't
> that just cause the traffic to be re-routed over the remaining trunks?
> Thus then causing a domino affect of overloading those who chose to
> remain up?
I can see a way that operators could be more devious. Leave their
trunks up and BGP neighbor sessions established. Re-advertise things
through the BGP neighbor sessions like they have been, but null route
things across the trunks. Thus operating as a black hole for traffic
local to the peer and attracting traffic from the other side of the peer.
I can also see re-advertising the prefixes into the global BGP network
so that others can then implement similar null routes on their systems
much further away from the actual peering connections.
There are more questionable / dishonest things that can be done, like
originating new /24 advertisements (possibly with fake origins) towards
Russia with a very short AS Path, in the hopes of attracting traffic to
null routes.
Or, feed 256^3 /24 prefixes to purposefully try to overload equipment.
In short, simply shutting down the interfaces would in some ways be the
nicer option in that there are less nice options.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20220304/47e25fed/attachment.p7s>
More information about the Outages-discussion
mailing list