On Wed, Jan 10, 2001, John Payne wrote:
Thats what scripts and other automata are for.
I trust scripts to update mailservers which nobody else can be trying to configure at the same time (and name servers for that matter).
Injecting a blackhole route and letting IBGP propogate it is the same idea. (as long as it stays inside your network ;)
NOnono.. *sigh* I think after this I'm going to knock off this thread. I'm simply saying that the easiest method (null routing, open relays) isn't always the most "correct" method. I think that its nicer to simply drop the entire netblock (or even deaggregate it like someone suggests, which I hate doing, but ..) rather than null any traffic. That stops the traffic crossing your network (and if you find people policy routing it at multiple places, THEN you filter :) and lets it flow through any alternate links people might have without having to manually configure anything. Thats all I'm saying. Nice and simple. I'm not going to get drawn into a long discussion (well, a longer discussion) about something which should be simple. I don't like the idea of traffic being blackholed like that. I'd prefer it to simply be not announced. Grr, I repeated it again. You get the idea. Adrian -- Adrian Chadd "Sex Change: a simple job of outside <adrian@creative.net.au> to inside plumbing." - Some random movie