North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: net.terrorism
On Wed, Jan 10, 2001 at 03:12:44PM +0800, Adrian Chadd wrote: > On Tue, Jan 09, 2001, John Payne wrote: > > On Tue, Jan 09, 2001 at 09:49:50PM +0800, Adrian Chadd wrote: > > > I'd rather get partial announcements than traffic-filtered announcements. > > > That way, my other network pipes (which hopefully have a path without > > > above.net in it to vuurwerk) will take over. above.net are happy. > > > vuurwerk is happy. life is good. no bitching or extra configuration. > > > > personally speaking, and no disrespect to any abovenet network engineers, or anyone > > else, but I would *MUCH* rather a solution which doesn't involve them logging > > onto several routers to block 1 route (I don't know how many places abovenet peer > > with uunet, but I'll bet that its more than 1 place) > > > > a) Add a blackhole route (1 config change) > > b) Tag/block route on ingress (X config changes) > > c) block route on egress (Y config changes) > > That in itself is bogus. How many MXes do you run? Can you seriously > tell me that every time you add a domain to your MX servers you consider > the updates "too difficult" ? > > I mean, going by what you said above, we might as well run open relays. > That way, whenever we add new domains, thats 1 config change to your > primary MX host to accept mail, and bewm! it works! No, I updated the list of domains in one place and its automatically taken care of on the other boxes. > Thats what scripts and other automata are for. I trust scripts to update mailservers which nobody else can be trying to configure at the same time (and name servers for that matter). Injecting a blackhole route and letting IBGP propogate it is the same idea. (as long as it stays inside your network ;) -- John Payne http://www.sackheads.org/jpayne/ [email protected] http://www.sackheads.org/uce/ Fax: +44 870 0547954 To send me mail, use the address in the From: header
|