Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: engineering --> ddos and flooding

  • From: Geoff Zinderdine
  • Date: Mon Jun 04 03:37:51 2001

 > Assuming not adding the extra connection, this means that upstream prefix
> filtering, so that one can't mistakenly inject 255 /24s rather than a
> single /16, would go out the window.  Now think about /32s and what the
> routing tables will start to look like.  Now consider that the upstream
> would also want to send to its upstream Tier-1 the NULLROUTE /32 as well
> that his bandwidth is not eaten up as well and we have a situation whereby
> routing table size will triple in size every year.

This is a stop gap measure for customer networks.  Those null routed /32s
are not
meant to be permanently advertised, they are meant to free the customer's
pipe from
smurf/fraggle until the SP can do something about it.  What would be the
point of permanently
blackholing a host on your network?

I would imagine that most tier 1's are going to filter anything longer than
a /24 whether
you advertise it or not.  The question isn't about route table size, it is
your SP will go the extra mile to give you a proactive option to deal with
attack and has
someone clueful to implement it that will take responsibility for it (not
that it is hard).

This is a very limited measure that only helps in a very particular
situation for a small subset of
customer networks.  I think it is a very useful tool for that particular
situation... it is not meant as
a principle that SP networks should apply to their upstream as well.

Geoff Zinderdine
MTS Communications Inc.


The views expressed here are not necessarily those of my employer.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.