RE: Attacks on BGP Routing Ranges

[Nikos Leontsinis <Nikos.Leontsinis () eu equinix com>]

You are not supposed to announce that range anyway as you shouldn't be announcing your infrastructure range for your 
protection. Ask your upstream providers  not to expose that range too.
There are many ways around that selective redistribution or they can just protect that range.  How they do it is none 
of your concern and there are many ways of achieving this. In my view this should
be added on a best practice rfc. I am assuming that you are using that block just for your bgp session.

/nikos

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Ryan Hamel
Sent: Wednesday, April 18, 2018 11:38 AM
To: nanog () nanog org
Subject: Attacks on BGP Routing Ranges

Hello,

I wanted to poll everyones thoughts on how to deal with attacks directly on BGP peering ranges (/30's, /127's).

I know that sending an RTBH for our side of the upstream routing range does not resolve the issue, and it would 
actually make things worse by blackholing all inbound traffic on the carrier I send the null to. What are my options 
for carriers that are not willing to help investigate the situation or write up a firewall rule to mitigate it on the 
circuit? I am not a fan of naming and shaming because it has unintended consequences.

Thanks in advance for everyone's suggestions.

Ryan Hamel
This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has 
been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the 
use of the intended recipient and may be legally privileged. If you have received this email in error, please notify 
the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, 
The Netherlands. Registered in The Netherlands No. 57577889.