Being blackhole by some one.
Hi, We just being blackhole by some ISP during their provisioning, a few hours ago. I thought that bogus route should be filtered by the NAP. Is there a way to prevent from somebody blackholing you ? It takes a lot of affort to solve this problem, especially those who need to update their router through rrdb automatically. Which suppose to solve blackhole problem accidentally. Thanks, Tony S. Hariman http://www.tsh.or.id Tel: +62(21)574-2488 Fax: +62(21)574-2481
Tune in to this comming nanog, there are a couple of presentations try to address the issue. --jessica Date: Fri, 23 Jan 1998 22:30:06 +0700 To: nanog@merit.edu From: "Tony S. Hariman" <tonyh@[202.158.2.130]> Subject: Being blackhole by some one. Return-Path: owner-nanog@merit.edu MIME-Version: 1.0 Content-transfer-encoding: 7BIT Sender: owner-nanog@merit.edu Content-Type: text/plain; charset=US-ASCII Content-Length: 475 Hi, We just being blackhole by some ISP during their provisioning, a few hours ago. I thought that bogus route should be filtered by the NAP. Is there a way to prevent from somebody blackholing you ? It takes a lot of affort to solve this problem, especially those who need to update their router through rrdb automatically. Which suppose to solve blackhole problem accidentally. Thanks, Tony S. Hariman http://www.tsh.or.id Tel: +62(21)574-2488 Fax: +62(21)574-2481
We just being blackhole by some ISP during their provisioning, a few hours ago. I thought that bogus route should be filtered by the NAP. Is there a way to prevent from somebody blackholing you ? It takes a lot of affort to solve this problem, especially those who need to update their router through rrdb automatically. Which suppose to solve blackhole problem accidentally.
Could you please explain the issue more specifically. "Blackhole" could have many meanings. randy
We just being blackhole by some ISP during their provisioning, a few hours ago. I thought that bogus route should be filtered by the NAP. Is there a way to prevent from somebody blackholing you ? It takes a lot of affort to solve this problem, especially those who need to update their router through rrdb automatically. Which suppose to solve blackhole problem accidentally.
Could you please explain the issue more specifically. "Blackhole" could have many meanings.
randy
Blackhole to me means you've been added to a certain someones SPAM blackhole feed. I suspect the interpretation here is accidental announcement. Regards, -- Martin Hannigan V:617.500.0108 Director - Data Networks F:617.500.0002 XCOM Technologies, INC. hannigan@xcom.net Cambridge, MA http://www.xcom.net
Blackhole here means that someone from different AS announce our network using BGP. So all the incoming traffic that suppose to go to us, rerouted to this ISP. Looking through Digex Mae-East looking glass this is what it suppose to be 202.158.0.0/19 192.41.177.181 50 100 0 3561 4787 4787 4787 i 192.41.177.145 100 0 4200 4787 i But during the blackhole this is what is look like: BGP routing table entry for 202.158.0.0/20, version 9520334 Paths: (4 available, best #3, advertised over IBGP) 1800 1239 4003 7713 192.41.177.240 from 192.41.177.240 (198.67.131.49) Origin incomplete, metric 11, localpref 100, valid, external Community: 2548:668 1239 4003 7713 165.117.1.122 (metric 28416) from 165.117.1.122 Origin incomplete, metric 57, localpref 100, valid, internal Community: 2548:668 Originator : 165.117.1.122, Cluster list: 165.117.1.122 1239 4003 7713 192.41.177.241 from 192.41.177.241 (144.228.107.1) Origin incomplete, metric 57, localpref 100, valid, external, best Community: 2548:668 1239 4003 7713 192.41.177.242 from 192.41.177.242 (144.228.101.1) Origin incomplete, metric 59, localpref 100, valid, external Community: 2548:668 To solve this problem I temporarily inject more specific route by dividing my /19 to 4 /21 I talk to the owner of AS7713 they said during provisioning with their upstream provider they make a mistake inadvertently announce our ip block and few other ISP block. I just wondering if this misshaps could be prevented, even someone make a mistake. Thanks, On 23 Jan 98 at 10:35, Randy Bush wrote:
Could you please explain the issue more specifically. "Blackhole" could have many meanings.
Tony S. Hariman http://www.tsh.or.id Tel: +62(21)574-2488 Fax: +62(21)574-2481
I talk to the owner of AS7713 they said during provisioning with their upstream provider they make a mistake inadvertently announce our ip block and few other ISP block.
I just wondering if this misshaps could be prevented, even someone make a mistake.
Not now. There is hope to prevent this in the not too distant future. randy
I wonder if there is some kind of SOP before someone announce a route ? I thought you supposed to lookup at radb first before trying to announce those routes. On 23 Jan 98 at 17:59, Randy Bush wrote:
Not now. There is hope to prevent this in the not too distant future.
Tony S. Hariman http://www.tsh.or.id Tel: +62(21)574-2488 Fax: +62(21)574-2481
participants (5)
-
unknown@example.com
-
Jessica Yu
-
Martin Hannigan
-
Randy Bush
-
tonyh@noc.cbn.net.id