nanog mailing list archives

Re: Tier1 blackholing policy?


From: David Miller <dmiller () tiggee com>
Date: Wed, 01 May 2013 08:46:40 -0400

On 05/01/2013 05:40 AM, Thomas Schmid wrote:
Joel,

On 30.04.2013 18:00, joel jaeggli wrote:
On 4/30/13 8:23 AM, Thomas Schmid wrote:
On 30.04.2013 17:07, Chris Boyd wrote:
On Tue, 2013-04-30 at 10:59 -0400, ML wrote:
1) Do nothing - They're supposed to deliver any and all bits
(Disregarding a DoS or similar situation which impedes said network)
2) Prefix filter - Don't be a party (at least in one direction) to
the bad actors traffic.

3 - Deliver all packets unless I've signed up for an enhanced security
offering?


right - I see this really as something that should be decided at the
edge
of the internet (Tier2+) and not in the core.
You seem to have odd ideas about what it means to be a settlement
free provider. Most of their customers are not smaller internet
service providers.

I know what it means to be a customer of
$LargeGlobalISPthatsellsTransittootherISPs since
1995 and I have *never* seen one of these guys blackholing
single IPs on their own (and I'm not talking about RTB, botnet
controllers that threaten to kill
the internet etc.). Now since a few weeks we get regular complaints
about this. So something has changed.

The sensitive approach would really be to make this an opt-in service
for their customers
and not a default service without opt-out option. In times of CGN and
hundreds or thousands of
websites behind one IP, blocking addresses is not the right answer to
the phishing problem.


... or perhaps on an internet where many network owners block / police /
throttle packets by source or destination, implementing CGN or stacking
thousands of websites behind one IP address are poor solutions to the
connectivity problem.

My only issue is the lack of information provided when blocks go into
place.  I would love to see networks provide information publicly that
shows what is being blocked along with a description of why.  A history
that extends for a few days would be a bonus.

-DMM


