nanog mailing list archives
Re: Trusted Networks Initiative: DDoS fallback set of AS'es
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Thu, 16 Apr 2015 17:30:35 -0400
On Thu, Apr 16, 2015 at 4:42 PM, joel jaeggli <joelja () bogus com> wrote:
On 4/16/15 1:30 PM, Valdis.Kletnieks () vt edu wrote:On Thu, 16 Apr 2015 22:13:56 +0200, Job Snijders said:If you don't want packets from 1312 don't announce to them?I'm probably at least 4-5 AS's away, and you're probably routed to us through Cogent or similar large transit. Feel free to not announce your routes to Cogent because you don't want packets from my AS... (For whatever value of "Cogent" you have for your upstream)bearing in mind that transit providers rarely give you communities to influence their customers, just peers. There is an illusion of control that provider no export communities provide that always requires confirmation when applied. if 1312 buys the full internet cone they can also install a default. so they can send you packets even if they in fact do not have your route.
lesson learned don't use an example... Note I also said: " (or othersimilar options)." (ha! here's more examples!) o poison the route with remote asn' in the aspath! (except for default followers) o ask for packet filter from upstream isp o stop announcing your route o filter on your side of the fence. in any case the idea still seems silly.
Current thread:
- Trusted Networks Initiative: DDoS fallback set of AS'es David Hofstee (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Christopher Morrow (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Valdis . Kletnieks (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Job Snijders (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Valdis . Kletnieks (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es joel jaeggli (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Christopher Morrow (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Randy Bush (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Christopher Morrow (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Randy Bush (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Daniel Karrenberg (Apr 22)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Randy Bush (Apr 29)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Valdis . Kletnieks (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Christopher Morrow (Apr 16)