nanog mailing list archives
Re: BGP route flap damping
From: Kim Onnel <karim.adel () gmail com>
Date: Wed, 18 Jan 2006 11:58:19 +0200
Do this, configure and use blackhole routing with your upstream, this is how you stop an attack How to detect it, use netflow. On 1/16/06, Patrick W. Gilmore <patrick () ianai net> wrote:
On Jan 16, 2006, at 8:48 AM, Gustavo Rodrigues Ramos wrote:Patrick W. Gilmore wrote:Not much you can do about this in general. In your specific case, since we don't know why your sessions died, we don't know what to suggest to stop it. Perhaps change the timers with your upstream?My BGP connections (and annoucements) with/to my ISPs are all fine. The problem takes place five or six AS far from me... Where I can't do much. I still can't reach some prefixes announced by large ISPs. At the first time, I thought an e-mail to the NOC of the network I can't reach can solve the problem, but it was a waste of time...I'm a little confused. Are you saying you dampened the prefixes of some other network? If so, it sounds like this is 100% in your control. If the BGP sessions between you and your upstreams / peers never flapped, no one should have dampened you. (I can see it possibly happening if someone else in the path between you and $OtherNetwork is attacked and therefore flaps your routes, but that would affect a lot of networks, not just you.) -- TTFN, patrick
Current thread:
- BGP route flap damping Gustavo Rodrigues Ramos (Jan 16)
- Re: BGP route flap damping Patrick W. Gilmore (Jan 16)
- Re: BGP route flap damping Gustavo Rodrigues Ramos (Jan 16)
- Re: BGP route flap damping Randy Bush (Jan 16)
- Re: BGP route flap damping Patrick W. Gilmore (Jan 16)
- Re: BGP route flap damping Kim Onnel (Jan 18)
- Re: BGP route flap damping Gustavo Rodrigues Ramos (Jan 16)
- Re: BGP route flap damping Patrick W. Gilmore (Jan 16)
- <Possible follow-ups>
- Re: BGP route flap damping Kotikalapudi Sriram (Jan 25)