nanog mailing list archives

RE: Deaggregating for emergency purposes

From: "Derek Samford" <dsamford () fastduck net>
Date: Wed, 7 Aug 2002 10:48:00 -0400

Please...Let this thread just die.

Derek

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Chris Woodfield
Sent: Wednesday, August 07, 2002 10:25 AM
To: Phil Rosenthal
Cc: 'Omachonu Ogali'; nanog () merit edu
Subject: Re: Deaggregating for emergency purposes

Truth be told, if someone was advertising your space illegitimately, any
networks that 
use the IRR's to filter would not be accepting the rogue announcement in
the first place, 
at least in theory. Thus, the emergency registration of more-specific
route object should 
not be necessary, right?

-C

On Tue, Aug 06, 2002 at 01:29:58PM -0400, Phil Rosenthal wrote:


Most ISPs that build off of the IRR's do it nightly.  I am talking

about

10 /24's out of /19, and I'm not announcing any of the /24's -- and

wont

unless there is an emergency, and only then would it be temporary.

--Phil

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf

Of

Omachonu Ogali
Sent: Tuesday, August 06, 2002 4:00 AM
To: nanog () merit edu
Subject: Re: Deaggregating for emergency purposes

What about announcing and registering with your IRR, more-specific
routes for the period that the problem ONLY exists, instead of being
lazy?

If all else fails, break out Outlook and your favorite translator,
because last time I checked, speaking English was not a requirement to
run a network. Even if most of you do, this is not a "Majority Rules"
situation.

On Mon, Aug 05, 2002 at 10:47:33PM -0700, john () chagresventures com
wrote:


get on the bandwaggon that filtering is a good thing ?? :)

at some point some transit is going to listen and drop the 
announcement.

Lets take an example.  Deep Dark middle of asia, someone starts 
announcing a /24 of yours.  Their upstream takes the packet, and so 
forth.  At some point they will touch a NSP or ISP (international 
service provider) and you can get things dropped their.


Yes. End of story. Go directly to the finish diamond at the end of

your

flowchart. If the next step in your flowchart is "pollute IRRs with
3592375238957235893275839572 /32s", please return your maintainer
object.

Your pushing out a /24 will help slurp some of the traffic towards 
you, but not all.

Personally I have deagged some prefixes to cause a DOS/DDOS towards

particular address to route down a slow connection I had.  Sacrifice
one link, to keep customers running on the others.  But thats

different.

Yes, but you removed it later on, correct?

Its about networking, the people kind, at this point.

cheers

john brown
chagres technologies, inc

On Mon, Aug 05, 2002 at 09:00:55PM -0400, Phil Rosenthal wrote:


But the question is, what do you do if it's coming from somewhere 
with a difficult to contact NOC, and their upstream is difficult

to

contact as well?

--Phil

-----Original Message-----
From: John M. Brown [mailto:jmbrown () ihighway net]
Sent: Monday, August 05, 2002 8:12 PM
To: Phil Rosenthal
Cc: nanog () merit edu
Subject: Re: Deaggregating for emergency purposes

Hmm, this would be a "Bad Idea" (TM) (C) 2002, DMCA Protected

Having had this happen to me several different times, I'd have to
recommend, calling the NOC of the advertising party. as the pref'd

way

of handling it.

On Mon, Aug 05, 2002 at 06:41:22PM -0400, Phil Rosenthal wrote:


I am currently announcing only my aggregate routes, but I have 
lately
thought about the possibility of someone mistakenly, or

maliciously,

announcing more specifics from my space. The best solution for

an

emergency response to that (that I can think of), is registering

all

of the /24's that make up my network, so if someone should

announce a

more-specific, I can always announce the most specific that

would

be

accepted (assuming they don't announce the /24's too, it should

be

problem avoided)

Does anyone else have any other ideas on ways to quickly deal

with

someone else announcing your more specifics, since contacting

their

NOC is likely going to take a long time...

--Phil


-- 
Omachonu Ogali
missnglnk () informationwave net
http://www.informationwave.net

Current thread:

Re: RFC 2870's applicability, (continued)
- - - Re: RFC 2870's applicability Ralph Doncaster (Aug 07)
    - Re: RFC 2870's applicability Paul Vixie (Aug 07)
    - Re: RFC 2870's applicability John M. Brown (Aug 08)
    - Re: RFC 2870's applicability (Re: Deaggregating for emergency purposes) Patrick (Aug 07)
    - Re: RFC 2870's applicability (Re: Deaggregating for emergency purposes) Brad Knowles (Aug 09)
    - Re: RFC 2870's applicability (Re: Deaggregating for emergency purposes) Stephen Sprunk (Aug 09)
    - Re: RFC 2870's applicability (Re: Deaggregating for emergency purposes) Randy Bush (Aug 09)
    - Re: RFC 2870's applicability (Re: Deaggregating for emergency purposes) Paul Vixie (Aug 09)
    - Re: Deaggregating for emergency purposes Adam Rothschild (Aug 06)
    - Re: Deaggregating for emergency purposes Chris Woodfield (Aug 07)
    - RE: Deaggregating for emergency purposes Derek Samford (Aug 07)
    - Re: Deaggregating for emergency purposes Valdis . Kletnieks (Aug 07)
    - RE: Deaggregating for emergency purposes Phil Rosenthal (Aug 07)
    - Re: Deaggregating for emergency purposes Richard A Steenbergen (Aug 06)
- Re: Deaggregating for emergency purposes E.B. Dreger (Aug 06)
  - Re: Deaggregating for emergency purposes bmanning (Aug 06)
- RE: Deaggregating for emergency purposes Jeff S Wheeler (Aug 06)
  - Re: Deaggregating for emergency purposes bdragon (Aug 06)
- RE: Deaggregating for emergency purposes ril_phosenthal (Aug 07)
  - "... I don't think that means what he thinks it means..." bmanning (Aug 07)