nanog mailing list archives

Re: attacking DDOS using BGP communities?


From: Saku Ytti <saku+nanog () ytti fi>
Date: Fri, 18 Oct 2002 11:30:26 +0300


On (2002-10-18 04:13 -0400), John Fraizer wrote:

> You receive a prefix with the communities 1111:1 2222:2 3333:3 and
> TTL-COMM:2.  You need to decrement the TTL-COMM value while leaving the
> other 3 communities unchanged.

Yes, this would need a change in IOS/JunOS, but it wouldn't actually be
hard to code this feature. But I still think it would be beneficial
if green elves would configure it as a non-additive change to all routers
globally. Yes, you couldn't use it as offering partial visibility, since
it would most probably break a few things here and there, but it would
increase your possibility of finding out which AS# is/are originating the
attack.

I'm just waiting for the green elves. But in the meantime, would
anyone configure decrement of TTL-COMM if JunOS and IOS
would magically start to support such a feature, in the hope of someday
reaching coverage large enough to actually do any good?

> Unless *ALL* vendors change their code to compare AS-PATH length for
> prefixes against the TTL-COMM value, decrementing the value as the route
> is passed from peer to peer is the only way to make this work that I can
> think of.  Doing that without nixing the other communities that may need
> to be passed as well becomes a serious challenge.

Yes, it's quite optimistic and naive to think such consensus could be
achieved when much more modest changes which would require global
co-operation never happen.

> Heck, the route-map to do this without regard for other communities would
> still be pretty hairy.

> Am I missing something here?

No, thanks for the comments.

-- 
  ++ytti
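A small model of the two mechanisms this exchange contrasts: per-hop decrement of TTL-COMM with the other three communities left untouched, versus John's alternative of every vendor comparing the received AS-PATH length against an unchanged TTL-COMM. This is an added example for the archive page, not code from the thread or from any vendor; the TTL_COMM_AS value, the AS numbers, and the assumption that an expired TTL stops re-advertisement are all placeholders or assumptions.

```python
# Added example, not from the NANOG thread. Communities are "ASN:value"
# strings; TTL_COMM_AS is a placeholder ASN for the hypothetical TTL-COMM.
TTL_COMM_AS = 65535


def parse(comm):
    asn, value = comm.split(":")
    return int(asn), int(value)


def decrement_policy(communities, as_path):
    """Per-hop route-map variant: decrement TTL-COMM and pass every other
    community through unchanged. Returns (accepted, new_communities).
    Assumption: a TTL that goes negative means the route is not re-advertised."""
    out, accepted = [], True
    for comm in communities:
        asn, value = parse(comm)
        if asn == TTL_COMM_AS:
            value -= 1
            if value < 0:
                accepted = False  # TTL expired at this AS
            out.append(f"{asn}:{value}")
        else:
            out.append(comm)  # 1111:1, 2222:2, 3333:3 stay as received
    return accepted, out


def aspath_policy(communities, as_path):
    """Vendor-side variant: compare received AS-PATH length with the TTL-COMM
    value; no community is rewritten at all."""
    ttl = [v for a, v in map(parse, communities) if a == TTL_COMM_AS]
    accepted = not ttl or len(as_path) <= ttl[0]
    return accepted, list(communities)


def propagate(policy, origin_as, communities, chain):
    """Advertise from origin_as along chain. Each AS runs the policy on
    ingress; if it accepts, it prepends itself and passes the route on.
    Returns [(asn, communities_seen)] for every AS that accepted."""
    as_path, comms, reached = [origin_as], list(communities), []
    for asn in chain:
        accepted, comms = policy(comms, as_path)
        if not accepted:
            break
        reached.append((asn, tuple(comms)))
        as_path = [asn] + as_path
    return reached
```

With TTL-COMM:2 both policies let the route reach exactly two ASes beyond the origin, but only the decrement variant has to touch the community list at each hop, which is the route-map difficulty John points at.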

