|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: UUNet Offer New Protection Against DDoS
On Mar 3, 2004, at 11:24 AM, Stephen Perciballi wrote:
Indeed. One could even get "fancy" and set of different community sets to allow customers to drop traffic only on peering routers (as opposed to customer or all routers, etc..). The "Customer-Triggered Real Time Blackhole" tutorial that Chris, Tim and I gave in Miami talks about how to go about doing this. One step further is uRPF coupling with blackhole routing for sourced- based drops, though I suspect you probably won't want to do this with customers :-) Finally, the BGP Flow Specification stuff provides a start at a more granular BGP-based method by employing new AFI/SAFI. If you've got feedback please pass it along. http://www.tcb.net/draft-marques-idr-flow-spec-00.txt -danny
|