On Thu, 2004-09-30 at 15:45, Robert A. Hayden wrote:
There are mechanisms to do it using eBGP and communities as well which I'm sure most on this list are more familiar with.
Think of blackholing as a way to surgically remove a specific IP from your network, without having to deal with pushing ACLs into multiple entry points. At least that's what it accomplishes for us.
And perhaps more importantly, when using eBGP blackholing communities, without DDoS traffic hitting your ingress bandwidth from your upstreams. ACL's can only filter traffic that's already at your edge, whereas blackholing allows your upstream to filter it for you throughout his network, reducing the risk of congested links. Cheers, -- --- Erik Haagsman Network Architect We Dare BV tel: +31(0)10 7507008 fax:+31(0)10 7507005 http://www.we-dare.nl