North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DoS attacks, NSPs unresponsiveness

  • From: Mark Mentovai
  • Date: Fri Nov 03 18:22:39 2000

Joe Shaw wrote:
>Wouldn't it be better, at least from an engineering standpoint, to still
>announce their routes with AS padding to increase the AS-path so in the
>event their other connection(s) goes down they still have some type of
>inbound connectivity?  It seems like your example would work in a best
>case scenario, but customer X would drop off of the planet in the event of
>a partial outage without some manual reconfiguration.  I did something
>similar to what you are suggesting, but we still announced the routes,
>with padding, so that in the event of a failure the network could still
>function.  The link did fail eventually (would you believe me if I
>mentioned there was a backhoe and a contractor involved?), and while the
>network was certainly slower than normal, it continued to function
>adequately so that there was no perceivable outage seen by our customers.

In theory, yes, but in practice, I've found that no matter how much you use
AS prepending on routing announcements for a specific link, there is some
minimum amount of traffic that you will always receive through it, and that
amount may be more than you're willing to accept for anything other than an
emergency situation.  The length of the AS path is not the first thing that
a router looks at when deciding which path offers the best route.  I've used
certain circuits as "manually operated backups" in the past because the
minimum amount of traffic I'd have pulled in on that pipe was larger than
the pipe itself.  During an emergency, though, slow and bad connectivity is
better than no connectivity at all.  (In case of contractor, break glass.)

My BGP wish list includes some better way of selecting a path, which gives
the initial advertiser more control over inbound traffic.