North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: BGP route flap damping
- From: Kim Onnel
- Date: Wed Jan 18 04:59:34 2006
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=gkwkuqRYObs+hPoAEJdkypdvnKilOhAkF/jDwFtZ2Iwet9bHzewladP/xAaIfTODoRpq4B6HAuQ9R+CN80sGT6uKjfbHdojYYvIusMgNnpZwkz7b1Mos6Q736JNQtoB/Jm6LHWow3kcrvPnL3sE98HymorN3JU7JDP2uVP+IMbs=
Do this, configure and use blackhole routing with your upstream, this is how you stop an attack
How to detect it, use netflow.
On 1/16/06, Patrick W. Gilmore <firstname.lastname@example.org> wrote:
On Jan 16, 2006, at 8:48 AM, Gustavo Rodrigues Ramos wrote:
> Patrick W. Gilmore wrote:
>> Not much you can do about this in general. In your specific case,
>> since we don't know why your sessions died, we don't know what to
>> suggest to stop it. Perhaps change the timers with your upstream?
> My BGP connections (and annoucements) with/to my ISPs are all fine.
> The problem takes place five or six AS far from me... Where I can't do
> much. I still can't reach some prefixes announced by large ISPs.
> At the first time, I thought an e-mail to the NOC of the network I
> reach can solve the problem, but it was a waste of time...
I'm a little confused.
Are you saying you dampened the prefixes of some other network? If
so, it sounds like this is 100% in your control.
If the BGP sessions between you and your upstreams / peers never
flapped, no one should have dampened you. (I can see it possibly
happening if someone else in the path between you and $OtherNetwork
is attacked and therefore flaps your routes, but that would affect a
lot of networks, not just you.)