nanog mailing list archives
Re: RTBH no_export
From: Łukasz Bromirski <lukasz () bromirski net>
Date: Thu, 31 Jan 2019 21:17:18 +0100
On 31 Jan 2019, at 20:28, Roel Parijs <roel.parijs () gmail com> wrote:

> Hello NANOG,
>
> To minimize the impact of DDoS, I have set up RTBH. For our own customers, we can set the RTBH community ourselves towards our transit suppliers and this works well.
>
> For our BGP customers the problem is more complex. Our BGP customers can send us the RTBH community, and we will drop the traffic at our borders. Since we're only running a small network, we don't have the capacity to deal with large attacks. If we would be able to forward (and maybe alter it) this RTBH community towards our upstream providers, the impact on our network would be limited. However, the RFC states that an announcement tagged with the blackhole community should get the no_advertise or no_export community.
>
> What is your opinion on this?

Community agreed between you and your peer is one thing, the other is community agreed with your upstreams. If in addition you own the customer IP space, it’s even less of a problem.

And… if your upstreams agree to signal RTBH with you, it’s an added bonus for them - they’re stopping the flood at their own edges thanks to you.

win-win-win-drop ;)

— ./
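
The export decision discussed above, as an added example that is not part of the original thread: a customer-signalled blackhole route is validated against the customer's address space and re-tagged with the community agreed with each upstream before it is exported. The ASNs, prefixes, the upstream community value 64496:666 and the host-route-only rule are constructed assumptions; 65535:666, NO_EXPORT and NO_ADVERTISE are the well-known values from RFC 7999 and RFC 1997.

```python
import ipaddress

# Well-known communities (RFC 7999 BLACKHOLE, RFC 1997 NO_EXPORT / NO_ADVERTISE).
BLACKHOLE = "65535:666"
NO_EXPORT = "65535:65281"
NO_ADVERTISE = "65535:65282"

# Constructed sample data: documentation prefixes and reserved/private ASNs.
# Address space each BGP customer is allowed to blackhole.
CUSTOMER_SPACE = {64512: [ipaddress.ip_network("203.0.113.0/24")]}
# Upstreams that agreed to RTBH signalling, and the community each one expects
# (hypothetical value; the real one comes from the upstream's documentation).
UPSTREAM_RTBH = {64496: "64496:666"}


def export_to_upstream(customer_asn, prefix, communities, upstream_asn):
    """Return the communities to attach when exporting, or None to not export."""
    net = ipaddress.ip_network(prefix)
    if BLACKHOLE not in communities:
        # Ordinary route: honour the customer's scoping communities as usual.
        if NO_EXPORT in communities or NO_ADVERTISE in communities:
            return None
        return sorted(communities)

    # Blackhole route: only forward to upstreams with an RTBH agreement.
    upstream_tag = UPSTREAM_RTBH.get(upstream_asn)
    if upstream_tag is None:
        return None
    # Only accept blackholes for space the customer actually holds, so one
    # customer cannot drop traffic towards somebody else's addresses.
    allowed = CUSTOMER_SPACE.get(customer_asn, [])
    if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
        return None
    # Assumed local policy: host routes only, to keep the blast radius small.
    if net.num_addresses != 1:
        return None
    # Replace the customer-facing tags with the upstream's own community and
    # keep NO_EXPORT so the route stays scoped to that one upstream.
    return [upstream_tag, NO_EXPORT]


if __name__ == "__main__":
    tags = {BLACKHOLE, NO_EXPORT}
    print(export_to_upstream(64512, "203.0.113.7/32", tags, 64496))
    print(export_to_upstream(64512, "198.51.100.1/32", tags, 64496))
```
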