North American Network Operators Group


Re: Blackhole Routes

  • From: Jeff Aitken
  • Date: Thu Sep 30 14:53:29 2004

On Thu, Sep 30, 2004 at 02:15:49PM -0400, Deepak Jain wrote:
> provider mistakenly advertises more routes than he should [let's say 
> specifics in case #1] you can flood your upstreams' routers with 
> specifics and potentially cause flapping or memory overflows...
> 
> In case #2, presumably the blackhole community takes precedence, so if a 
> customer is mistakenly readvertising their multihome provider's table 
> with a 666 tag, all of the upstream providers might be blackholing the 
> majority of their non-customer routes.

If a customer has a prefix filter, he cannot announce bogus routes.

If every BGP session in your network is protected by a max-prefix
limit, no matter who leaks, the damage will be limited and contained.

If you apply both types of filter to all customers, the worst that
can happen is that one of your larger customers can inject a few
thousand of his own more-specifics into your network before he trips
the max-prefix limit.  

Additionally, re: case #1 above, any customer-announced route with 
your blackhole community attached should be tagged with NO_EXPORT or
your internal equivalent.


--Jeff
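
The following is an added example, not part of the original message: a small Python model of a customer BGP session that applies the three controls described above (prefix filter, max-prefix limit, NO_EXPORT on blackhole-tagged routes). The community value `65000:666`, the documentation prefixes, the limit of 4, and the choice to count only accepted prefixes toward the limit are assumptions made for illustration.

```python
import ipaddress

BLACKHOLE = "65000:666"  # assumption: the thread only says "a 666 tag"
NO_EXPORT = "no-export"  # well-known community (RFC 1997)

class SessionDown(Exception): pass  # max-prefix limit tripped

class CustomerSession:
    def __init__(self, allowed, max_prefixes):
        self.allowed = [ipaddress.ip_network(p) for p in allowed]
        self.max_prefixes = max_prefixes
        self.rib = {}  # accepted prefix -> set of communities

    def receive(self, prefix, communities=()):
        net = ipaddress.ip_network(prefix)
        # 1. Prefix filter: only the customer's own space, whatever the tag.
        if not any(net.version == a.version and net.subnet_of(a) for a in self.allowed):
            return "filtered"
        # 2. Max-prefix: assumed here to count accepted prefixes.
        if net not in self.rib and len(self.rib) >= self.max_prefixes:
            self.rib.clear()  # session torn down, its routes withdrawn
            raise SessionDown(f"limit of {self.max_prefixes} exceeded")
        comms = set(communities)
        # 3. Blackhole routes stay inside this network.
        if BLACKHOLE in comms:
            comms.add(NO_EXPORT)
        self.rib[net] = comms
        return "accepted"

    def exportable(self):
        return sorted(str(n) for n, c in self.rib.items() if NO_EXPORT not in c)

def demo():
    s = CustomerSession(allowed=["198.51.100.0/24"], max_prefixes=4)
    # Constructed input: leak of a foreign route carrying the blackhole tag.
    leak = s.receive("203.0.113.0/24", [BLACKHOLE])
    # Legitimate aggregate plus a blackhole request for one host.
    s.receive("198.51.100.0/24")
    s.receive("198.51.100.7/32", [BLACKHOLE])
    export = s.exportable()
    tripped = False
    try:  # customer deaggregates his own block until the limit trips
        for sub in ipaddress.ip_network("198.51.100.0/24").subnets(new_prefix=27):
            s.receive(str(sub))
    except SessionDown:
        tripped = True
    return {"leak": leak, "export": export, "tripped": tripped, "rib": len(s.rib)}

print(demo())
```

The leaked foreign route never reaches the table because the prefix filter is evaluated before the blackhole community is considered, and the customer's own deaggregation is cut off by the limit after two extra more-specifics.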