nanog mailing list archives

Re: Fwd: Re: Digital Island sponsors DoS attempt?

From: Jeffrey Haas <jhaas () nexthop com>
Date: Mon, 29 Oct 2001 18:12:11 -0500


On Mon, Oct 29, 2001 at 11:53:05AM -0800, Paul A Vixie wrote:

ok, so how do you handle a situation like orbs/abovenet as in late 1999?


I don't have the AUP's in question so my speculation is going to be
tainted.  I would probably have told them that I would continue announcing
their route (with the known hole) and prepended the heck out of it
to cause people to deprefer that prefix.  Additionally, I might
have added a new community 6461:foo and registered that info in the IRR
saying that 6461:foo means that some customer is being abusive and
you're protecting the Internet from them.

The point, I guess, is you're AUP wasn't propagated.  You can only
enforce the AUP with your direct customer.

(c) block traffic
to/from the /24 in question after carefully notifying the /16 owner that
this would be done and why.


This causes the least problems to your direct customer.  I can understand,
from a business perspective, how this was the preferred option.
However, it punished those who used your routes and wanted 
<no-value-judgement>
to reach ORBS
</no-value-judgement>
and rewarded your customer for lax AUP.

as we all know, (c) was chosen.  great was the hue and even greater the cry.
a recommendation was even made that if as6461 wasn't going to carry the whole
/16 that it ought to chop it up and only advertise the parts it could reach,
in spite of what these more-specifics would have done to the /16 owner's own
routing policy (they were multihomed.)

what would YOU have done?  justify your answer.  (show all work.)


I've noted my preferred solution (equivalent to the DON'T PREFER ME
community proposed some time ago).  I also noted my opinions on
this a while back in the "How does one make not playing nice with 
each other scale? (Was: net.terrorism)" thread.

I'm asking/suggesting: Is this just a business issue?  Given the
way the routing system works today are we going to see a lot more
blackholes in the system?  Does the routing protocol need to be adjusted
to deal with this business need or should the AUP deal with it?

-- 
Jeff Haas 
NextHop Technologies

Current thread:

Re: Fwd: Re: Digital Island sponsors DoS attempt?, (continued)
- - - Re: Fwd: Re: Digital Island sponsors DoS attempt? John Payne (Oct 30)
    - Re: Digital Island sponsors DoS attempt? Ryan Tucker (Oct 30)
    - RE: Fwd: Re: Digital Island sponsors DoS attempt? JC Dill (Oct 28)
    - Re: Fwd: Re: Digital Island sponsors DoS attempt? Adam McKenna (Oct 28)
    - Re: Fwd: Re: Digital Island sponsors DoS attempt? Valdis . Kletnieks (Oct 29)
    - RE: Fwd: Re: Digital Island sponsors DoS attempt? Charles Sprickman (Oct 29)
    - Re: Fwd: Re: Digital Island sponsors DoS attempt? Wojtek Zlobicki (Oct 29)
    - RE: Fwd: Re: Digital Island sponsors DoS attempt? jlewis (Oct 29)
    - Re: Fwd: Re: Digital Island sponsors DoS attempt? Jeffrey Haas (Oct 29)
    - Re: Fwd: Re: Digital Island sponsors DoS attempt? Paul A Vixie (Oct 29)
    - Re: Fwd: Re: Digital Island sponsors DoS attempt? Jeffrey Haas (Oct 29)