nanog mailing list archives
RE: [admin] [summary] RE: YouTube IP Hijacking
From: "Barry Greene (bgreene)" <bgreene () cisco com>
Date: Tue, 26 Feb 2008 09:53:27 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Missing a tag in the trigger is why you put the Murphy Filters in the trigger router's route-map (the point you were getting at but being even more explicit). In my route map on the trigger router, I would not allow any static route triggers which did not have an exact match. I would also set the BGP advertisement to have - by default - the no-export community, a community range for all my triggers, and limit all my triggers to be below /24 (i.e. /25 - /32).

I then have three things to set my egress prefix filters to all my peers and customers:

- comply with the default communities (no export)
- filter all communities in my trigger range
- filter anything in the /25 - /32 range.

BTW - "Murphy Filters" is my term for policy filters which expect "Murphy's Law of Networking" to kick in. You have to expect human error.

In addition to this, I would have my upstream mirror my filters. Life sucks when you advertise big blocks of the Internet and you become one giant sink hole (until you go congestion collapse, drop the BGP session and start flapping like crazy).
-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Christopher Morrow
Sent: Tuesday, February 26, 2008 8:59 AM
To: hjan
Cc: nanog () merit edu
Subject: Re: [admin] [summary] RE: YouTube IP Hijacking

On Tue, Feb 26, 2008 at 10:40 AM, hjan <hjan () libero it> wrote:

> I think that they should use remote triggered blackhole filtering with no-export community.
> In this way they do the job with no impact on the rest of internet.

so, certainly this isn't a bad idea, but given as an example:
<http://www.secsup.org/CustomerBlackHole/>
(Sorry not a perfect example, but illustrates my point)

instead of:
ip route my.offensive.material.0 255.255.255.0 Null0 tag 12345

the operator in question (person not place) types:
ip route my.offensive.material.0 255.255.255.0 Null0 tag 1234

oops, a simple cut/paste mistake means that a route didn't get tagged properly, didn't get community tagged properly, didn't get set no-export and didn't get kept internally :(

There is no SINGLE fix for this, there is a belt+suspenders approach:

1) Know what you are advertising (customer side of the puzzle)
2) Know what you are expecting to receive (provider side of the puzzle)
3) plan for failures in both parts of this puzzle.

-Chris
-----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBR8RSF7/UEA/xivvmEQJUKACfZB+typ7sIJMnDS+QrO0MqGED+CYAoKFC iBmY+pq0CohSIJwtu5pgzCJt =xiog -----END PGP SIGNATURE-----
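
A small model of the layered policy described in the message above, added here as an illustration and not part of the original thread or any poster's configuration. The community value 65000:666, the 192.0.2.0/24 sample prefixes, and the reading of "exact match" as an exact tag match are assumptions.

```python
import ipaddress

TRIGGER_TAG = 12345                  # tag from the thread's example static route
TRIGGER_COMMUNITIES = {"65000:666"}  # assumed value standing in for the trigger community range
NO_EXPORT = "no-export"

def make_route(prefix, communities=()):
    """Build a minimal BGP route record for this model."""
    return {"prefix": ipaddress.ip_network(prefix), "communities": set(communities)}

def trigger_route_map(prefix, tag):
    """Trigger router policy: return the BGP route to originate, or None."""
    route = make_route(prefix, {NO_EXPORT} | TRIGGER_COMMUNITIES)
    if tag != TRIGGER_TAG:                         # no exact tag match: not a trigger
        return None
    if not 25 <= route["prefix"].prefixlen <= 32:  # triggers limited to /25 - /32
        return None
    return route

def egress_filter(route):
    """Egress policy to peers and customers: True if the route may be advertised."""
    if NO_EXPORT in route["communities"]:          # comply with no-export
        return False
    if route["communities"] & TRIGGER_COMMUNITIES: # filter the trigger range
        return False
    if 25 <= route["prefix"].prefixlen <= 32:      # filter /25 - /32
        return False
    return True

def audit(statics):
    """Map each (prefix, tag) static to (originated as trigger, leaves the AS)."""
    result = {}
    for prefix, tag in statics:
        route = trigger_route_map(prefix, tag)
        result[(prefix, tag)] = (route is not None,
                                 route is not None and egress_filter(route))
    return result

# Constructed sample statics using documentation address space (192.0.2.0/24).
SAMPLE = [("192.0.2.1/32", 12345),   # correct trigger
          ("192.0.2.0/24", 1234),    # mistyped tag, as in the quoted example
          ("192.0.2.0/24", 12345)]   # right tag, but shorter than /25

if __name__ == "__main__":
    for static, verdict in audit(SAMPLE).items():
        print(static, verdict)
    # A /25 that lost its communities is still stopped by the length check;
    # a bare /24 is not, so the trigger-side exact match has to reject it.
    print(egress_filter(make_route("192.0.2.128/25")), egress_filter(make_route("192.0.2.0/24")))
```
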