|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Blackhole Routes
Richard A Steenbergen wrote: That said, it is still absolutely silly that we can't standardize on a globally accepted blackhole community. A provider with many transit upstreams who wishes to pass on blackhole routes for their customers could quickly find themselves with some very messy configs and announcements trying to get everyones' specific blackhole community in place. I know we've all been tossing this idea around for a number of years, but if it hasn't been done already will someone please get this put into a draft already. The problem with this is authentication. I can authenticate prefixes my customers advertise me (as much as currently possible anyway). I can't authenticate a prefix coming in from a peer that is not filtered. If an ISP were to accept any prefix with 65535:666 as a triggered blackhole, how do you trust that? As much as I agree that a global blackhole community would be nice, that's a big gotcha with potential liability attached.
|