nanog mailing list archives
Re: Blackhole Routes
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Thu, 30 Sep 2004 16:50:55 +0000 (GMT)
On Thu, 30 Sep 2004, Deepak Jain wrote:
> It sounds like you are confusing ideas here... If BGP is making a forwarding table entry, that's it. Ports are not really considered in forwarding decisions -- or if they are, the box is usually called a Firewall, not a router.

Just thinking out loud here... BUT, you could potentially (provided you had the interfaces and time) re-next-hop certain traffic based on source or destination address (dest would be easiest, which means catching syn-ack and discarding it to drop the sessions as embryos) and filter out 'bad' stuff in a more centralized manner. There are risks with this, of course, and complications which you'll probably want to avoid in any decently large network. As Deepak points out though, this is leading down some very dark paths of midnight-troubleshooting on complex configurations :(

-Chris