On Thu, Sep 30, 2004 at 11:43:42AM -0700, Wayne E. Bouchard wrote:
> Yes, well, in my case, I go through a dedicated server with multi-hop sessions and set a prefix limit of 25 or so so I don't get bombarded with 5 billion /32 routes and don't send those routes upstream. (I try to play nice when possible.) I expect that the upstreams have various defense mechanisms of their own to protect them against me misconfiguring my boxes as well. (It only makes sense..)
This tends to work better for a variety of reasons. Most importantly, a dedicated session with a dedicated prefix-list can easily be configured to accept up to /32s for blackhole routes only, it can easily be configured to tag all routes received no-export, and it can easily be placed into a separate prefix-limit which will not affect production traffic forwarding if something goes wrong. Also, if you have customers attached to Juniper routers, you need to have the sessions configured multihop anyways, in order to turn on the ability to rewrite next-hop.

That said, it is still absolutely silly that we can't standardize on a globally accepted blackhole community. A provider with many transit upstreams who wishes to pass on blackhole routes for their customers could quickly find themselves with some very messy configs and announcements trying to get everyone's specific blackhole community in place. I know we've all been tossing this idea around for a number of years, but if it hasn't been done already will someone please get this put into a draft already.

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
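The dedicated blackhole session described above, written out as an added Cisco IOS-style configuration example (not taken from either poster's network). The AS numbers, neighbor address, the customer block 192.0.2.0/24 and the discard next-hop 198.51.100.1 are assumed placeholder values.

```cisco
! Only /32s inside the customer's own assigned block are accepted on this session.
ip prefix-list CUST-BLACKHOLE seq 5 permit 192.0.2.0/24 ge 32
!
! Inbound policy: rewrite next-hop to a discard address and tag no-export so the
! /32s are dropped locally but never announced to transit upstreams.
route-map CUST-BLACKHOLE-IN permit 10
 match ip address prefix-list CUST-BLACKHOLE
 set ip next-hop 198.51.100.1
 set community no-export additive
route-map CUST-BLACKHOLE-IN deny 20
!
! The discard next-hop resolves to Null0 on every router carrying these routes.
ip route 198.51.100.1 255.255.255.255 Null0
!
router bgp 64500
 ! Separate multihop session, distinct from the customer's production session,
 ! so its own prefix limit cannot tear down production forwarding.
 neighbor 203.0.113.10 remote-as 64501
 neighbor 203.0.113.10 description customer blackhole feed (placeholder)
 neighbor 203.0.113.10 ebgp-multihop 2
 neighbor 203.0.113.10 update-source Loopback0
 neighbor 203.0.113.10 maximum-prefix 25
 neighbor 203.0.113.10 prefix-list CUST-BLACKHOLE in
 neighbor 203.0.113.10 route-map CUST-BLACKHOLE-IN in
```

Exceeding the limit of 25 shuts down only this feed, while the production session and the customer's aggregate announcements stay up.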