|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: engineering --> ddos and flooding
Walter Prue wrote: >I came up with a solution for networks with ISP connections to deal >quickly with DDOS attacks without having to be able to work with a >network technician at the ISP for immediate relief. If the ISP agrees, >install a second low speed connection to the same router your primary >router BGP peers with. Through this low speed connection you run a >second bgp session advertising the /32 that is being attacked by the >DDOS. You mark the /32 as NO-ADVERTISE so the route doesn't leave the >border router. Or, without adding an extra connection, negotiate a NULLROUTE community with your upstream provider. This would be a wonderful addition to the well-known BGP communities. I'll bring this up on IDR. Mark
|