North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Fwd: Re: Digital Island sponsors DoS attempt?
> As an infrastructure owner, the important thing is that if you're > going to announce reachability, it should be real. If you blackhole > stuff in the middle of a netblock and distribute it as an untainted > netblock in your BGP, you're depriving people of clean routes. ok, so how do you handle a situation like orbs/abovenet as in late 1999? a /16 owned by a transit customer of as6461 had in it a /24 used by orbs. the orbs traffic violated as6461's aup, which the /16's owner had signed. the /16 owner had a less restrictive aup for its downstreams (including orbs) than as6461 had, and thus had a weak contractual basis for enforcing the as6461 aup on orbs. as6461 had three possible choices: (a) ignore it and hope the nonuniform enforcement of the aup didn't show up as a problem elsewhere at a later time; (b) disconnect orbs' upstream on the basis of their inability to conform to the aup they had signed; or (c) block traffic to/from the /24 in question after carefully notifying the /16 owner that this would be done and why. as we all know, (c) was chosen. great was the hue and even greater the cry. a recommendation was even made that if as6461 wasn't going to carry the whole /16 that it ought to chop it up and only advertise the parts it could reach, in spite of what these more-specifics would have done to the /16 owner's own routing policy (they were multihomed.) what would YOU have done? justify your answer. (show all work.)
|