On Sun, 13 Feb 2005, Justin Ryburn wrote:
> I have recently heard companies saying their reasoning for de-aggregation was 1) to protect against outages to their customer base when a more specific of their aggregate was announced somewhere else and 2) if they are getting DDOS attacked on a given /24 they can just drop that advertisement and only affect part of their customer base.
1) this only provides partial protection, even if you announce a /24 I can still announce my own /24 and get some of your traffic

2) either they are operating networks that can't support their business and I don't see why we should bail them out, or in the cases where certain hosts are accepted by us as targets (ircnets etc) you could argue to obtain a discrete /24, which is the better evil than taking a /16 and breaking it down to take out a /24

I'm not keen on this latter idea, what if I operate an anti-ddos specialist isp, hosting ircnets, gambling, security sites etc - do I put each host in a /24 and waste a whole /16 with a couple hundred customers?

I strongly believe if you want to be an autonomous internet provider then you should be able to run your network by accepted means, not through cheap hacks
> As technically savvy folks, we may not agree with this line of reasoning. However, keep in mind that the technically savvy folks are not always the ones making the decisions within a company. Just because someone has enable access and clue does not mean they have the authority to make certain decisions. Most of those people probably spend a large amount of their time arguing with the decision makers to try and do the right thing but at some point they lose those arguments.
if their suppliers/peers disagree strongly they would not be able to present these options in the first place.. lack of regulation has its downsides it would seem..

Steve