|
North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Blackhole Routes
- From: Mark Kasten
- Date: Thu Sep 30 16:50:55 2004
Richard A Steenbergen wrote:
That said, it is still absolutely silly that we can't standardize on a
globally accepted blackhole community. A provider with many transit
upstreams who wishes to pass on blackhole routes for their customers could
quickly find themselves with some very messy configs and announcements
trying to get everyones' specific blackhole community in place. I know
we've all been tossing this idea around for a number of years, but if it
hasn't been done already will someone please get this put into a draft
already.
The problem with this is authentication. I can authenticate prefixes my
customers advertise me (as much as currently possible anyway). I can't
authenticate a prefix coming in from a peer that is not filtered. If an
ISP were to accept any prefix with 65535:666 as a triggered blackhole,
how do you trust that? As much as I agree that a global blackhole
community would be nice, that's a big gotcha with potential liability
attached.
|
|
|
