On Wed, Jan 10, 2001 at 03:12:44PM +0800, Adrian Chadd wrote:
On Tue, Jan 09, 2001, John Payne wrote:
On Tue, Jan 09, 2001 at 09:49:50PM +0800, Adrian Chadd wrote:
I'd rather get partial announcements than traffic-filtered announcements. That way, my other network pipes (which hopefully have a path without above.net in it to vuurwerk) will take over. above.net are happy. vuurwerk is happy. life is good. no bitching or extra configuration.
personally speaking, and no disrespect to any abovenet network engineers, or anyone else, but I would *MUCH* rather a solution which doesn't involve them logging onto several routers to block 1 route (I don't know how many places abovenet peer with uunet, but I'll bet that its more than 1 place)
a) Add a blackhole route (1 config change) b) Tag/block route on ingress (X config changes) c) block route on egress (Y config changes)
That in itself is bogus. How many MXes do you run? Can you seriously tell me that every time you add a domain to your MX servers you consider the updates "too difficult" ?
I mean, going by what you said above, we might as well run open relays. That way, whenever we add new domains, thats 1 config change to your primary MX host to accept mail, and bewm! it works!
No, I updated the list of domains in one place and its automatically taken care of on the other boxes.
Thats what scripts and other automata are for.
I trust scripts to update mailservers which nobody else can be trying to configure at the same time (and name servers for that matter). Injecting a blackhole route and letting IBGP propogate it is the same idea. (as long as it stays inside your network ;) -- John Payne http://www.sackheads.org/jpayne/ john@sackheads.org http://www.sackheads.org/uce/ Fax: +44 870 0547954 To send me mail, use the address in the From: header