What I can say as an operator of one IRR, is that any proxy object is killed on sight. So this DDoS mitigation provider will probably need to look elsewhere for pulling this off. Rubens On Thu, Sep 26, 2024 at 11:34 AM Steven Wallace <ssw@internet2.edu> wrote:
Greeting,
One of the DDoS mitigation providers we work with creates proxy route objects for its customers’ prefixes. These route objects specify a common origin ASN rather than the actual origin ASN that would be seen in routing tables. Their rationale is to bind the prefixes to a single ASN, allowing the entire set of customer routes to be announced via an as-set.
Is this a common approach?
Just curious.
thanks,
steve
Steven Wallace Director - Routing Integrity Internet2 ssw@internet2.edu