nanog mailing list archives

Re: engineering --> ddos and flooding


From: "Geoff Zinderdine" <geoffz () mts net>
Date: Fri, 1 Jun 2001 14:39:06 -0500


Agreed.  Still you could just throw up a box at the end of that low speed
line and have your main peering session set it as NEXT_HOP for the host
route without needing it to be running a BGP session itself, no?

----- Original Message -----
From: "Mark Mentovai" <mark-list () mentovai com>
To: "Geoff Zinderdine" <geoff.zinderdine () mts mb ca>
Cc: <lucifer () lightbearer com>; <nanog () merit edu>
Sent: Friday, June 01, 2001 2:07 PM
Subject: Re: engineering --> ddos and flooding


Geoff Zinderdine wrote:
Why not just advertise the host route with an unreachable next hop from your
main peering session?

Maybe your upstream sets the NEXT_HOP to your side of the point-to-point for
you, just in case you neglected to do so.

Even if they don't, who's to say what's unreachable?  If the NEXT_HOP is
truly unreachable, in that there is no route to it, the BGP path won't be
marked as valid and won't make it to the IP routing table (Loc-RIB.)

I've long felt that IP should have come with a provision for an address that
is never routed.  It would be great if we could get something like 127.0.0.2
for this very task.

Mark
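
[Added example, not part of either poster's message: a simplified Python model of the NEXT_HOP resolvability check discussed in this thread, showing that a host route whose NEXT_HOP has no route is never installed, while one pointed at a reachable box on the low-speed line is. The addresses, link names and function names are constructed for illustration, and resolving NEXT_HOPs only against connected routes is a simplifying assumption.]

```python
import ipaddress

# Constructed sample data (documentation address ranges, hypothetical link names).
IGP_RIB = {  # connected routes known before BGP runs
    ipaddress.ip_network("10.0.0.0/30"): "main-link",
    ipaddress.ip_network("10.0.1.0/30"): "low-speed-link",
}
BGP_PATHS = [  # (prefix, NEXT_HOP) as received
    ("198.51.100.0/24", "10.0.0.1"),     # normal aggregate via the main peering
    ("198.51.100.7/32", "10.0.1.2"),     # host route pointed at the box on the low-speed line
    ("198.51.100.8/32", "203.0.113.9"),  # host route with a NEXT_HOP nothing routes to
]

def lookup(rib, addr):
    """Longest-prefix match; returns (prefix, target) or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(p, t) for p, t in rib.items() if ip in p]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def install_bgp_paths(igp_rib, bgp_paths):
    """Install a path only if its NEXT_HOP resolves; return (rib, rejected)."""
    rib, rejected = dict(igp_rib), []
    for prefix, next_hop in bgp_paths:
        if lookup(igp_rib, next_hop) is None:
            rejected.append(prefix)  # no route to NEXT_HOP: path is not valid
        else:
            rib[ipaddress.ip_network(prefix)] = ("via", next_hop)
    return rib, rejected

def egress(rib, dst):
    """Follow recursive next hops until a link name is reached."""
    for _ in range(8):  # bound the recursion depth
        hit = lookup(rib, dst)
        if hit is None:
            return "no route"
        if not isinstance(hit[1], tuple):
            return hit[1]
        dst = hit[1][1]
    return "no route"

if __name__ == "__main__":
    rib, rejected = install_bgp_paths(IGP_RIB, BGP_PATHS)
    print("rejected:", rejected)
    for host in ("198.51.100.7", "198.51.100.8", "198.51.100.9"):
        print(host, "->", egress(rib, host))
```

In this model the rejected host route leaves traffic for 198.51.100.8 following the /24 over the main link, so nothing is diverted.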


