On Mon, Jul 20, 2015 at 3:40 PM, ML <ml@kenweb.org> wrote:
On 7/20/2015 2:57 PM, Valdis.Kletnieks@vt.edu wrote:
On Mon, 20 Jul 2015 19:42:39 +0100, Colin Johnston said:
see below for china ranges I believe, ipv4 and ipv6
You may believe... but are you *sure*? (Over the years, we've seen *lots* of "block China" lists that accidentally block chunks allocated to Taiwan or Australia or other Pacific Rim destinations).
If you really wanted to go the route of blocking all/almost all China. Isn't there a short list of ASNs that provide transit to China citizens/networks? I'm referring to AS4134, AS4837, etc Wouldn't blackholing any prefix with those ASNs in the AS path accomplish the goal and stay up to date with a new prefixes originated from China?
That would prevent you from responding to their traffic (assuming DFZ), but their traffic would still have a valid route to your network. JM