North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Effective ways to deal with DDoS attacks?

  • From: Lincoln Dale
  • Date: Sun May 05 04:10:59 2002

At 03:34 AM 5/05/2002 +0000, Christopher L. Morrow wrote:
I was hoping someone else might mention this, BUT what about the case of
customers providing transit for outbound but not inbound traffic for their
customers?
two methods:
[1] if your customer has their own AS, have them route the (valid) networks
to you with the no-export bgp attribute set.

[2] if they're not BGP connected, then surely you have some idea of what subnet(s)
they're sending traffic out from? (i hope so).
if so, then you'd have static-routes for those subnets pointing at their interface.
you don't necessarily have to include those static-routes in announcements to
your peers.

both of [1] & [2] may mean that more traffic may 'prefer' the link from you to the customer. (probably doubly so given you're uunet and the amount of transit that goes thru you). in that case, perhaps using the no-advertise community so that the route stays 'local' to a router (or local to a city) will prove sufficient.


cheers,

lincoln.