On Wed, Oct 08, 2014 at 04:42:38PM +0200, Job Snijders wrote:
There are various flavors at the moment in terms of validation (please correct me if I am wrong): The Polish blackholing project only allows blackholes which fall within the set of prefixes which an ASN originates, the DE-CIX BS service accepts anything that is a subset of your AS-SET.
There is also "dynamic validation" approach: blackhole route is considered valid for injection if and only if there is a covering less-specific route with the best-path pointing to the same exit point as blackhole route. (definition of "exit point" can vary from "next ASn is the same we received blackhole from" to "both as-path and next-hops must be the same and aggregate route must be marked as customer's one"). This approach has its downside too: it requires you to run task-specific bgp speaker. Worse yet, usually you have to write that speaker :) -- In theory, there is no difference between theory and practice. But, in practice, there is.