North American Network Operators Group

Re: Blackhole Routes
It sounds like you are confusing ideas here... If BGP is making a forwarding table entry, that's it. Ports are not really considered in forwarding decisions -- or if they are, the box is usually called a Firewall, not a router.

It would be pretty trivial to take the information you are generating and dump them into an IPFW or similar table and filter them that way. It would not be as effective, but you could watch your netflow data and selectively add holes or filters based on abuse of certain IP:port combinations.

However, if you can destroy end-to-end connectivity and your customers are happy, I wouldn't change a thing. It's much simpler to debug a blackhole than it is a more selective filter.

Deepak Jain
AiNET

Eric Germann wrote:

We use a variation of this for several things. At the risk of getting into political policy discussions ...
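The selective IP:port filtering mentioned in the reply above, as an added example that is not part of the original thread or either poster's code: it groups flow records by source, protocol and destination port, and renders only the offending combinations as ipfw deny rules instead of blackholing the whole address. The record layout, the sample flows, the `min_fanout` threshold (distinct destinations per source and port) and the starting rule number are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (src_ip, dst_ip, proto, dst_port).
# A real deployment would read these from a NetFlow collector export.
SAMPLE_FLOWS = (
    [("198.51.100.7", f"203.0.113.{i}", "tcp", 25) for i in range(1, 41)]
    + [("198.51.100.7", "203.0.113.5", "tcp", 443)]
    + [("198.51.100.9", "203.0.113.10", "tcp", 25)] * 60
    + [("192.0.2.33", f"203.0.113.{i}", "udp", 53) for i in range(1, 6)]
)


def abusive_pairs(flows, min_fanout=30):
    """Return sorted (src, proto, port) keys that reached min_fanout distinct destinations."""
    fanout = defaultdict(set)
    for src, dst, proto, port in flows:
        fanout[(src, proto, port)].add(dst)
    return sorted(k for k, dsts in fanout.items() if len(dsts) >= min_fanout)


def ipfw_rules(pairs, first_rule=1000):
    """Render validated pairs as ipfw deny rules; reject anything malformed."""
    rules = []
    for offset, (src, proto, port) in enumerate(pairs):
        # Flow data is untrusted input: validate before building a command line.
        addr = ipaddress.ip_address(src)  # raises ValueError on bad input
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {proto!r}")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"bad port: {port!r}")
        rules.append(
            f"ipfw -q add {first_rule + offset} deny {proto} "
            f"from {addr} to any dst-port {port}"
        )
    return rules


if __name__ == "__main__":
    for rule in ipfw_rules(abusive_pairs(SAMPLE_FLOWS)):
        print(rule)
```

Only the source that fans out to many destinations on port 25 is filtered; its traffic on port 443 and the single-destination talker keep end-to-end connectivity, which is the trade-off against a blackhole route that the reply describes.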