Global Blackhole Service
- Subject: Global Blackhole Service
- From: fw at deneb.enyo.de (Florian Weimer)
- Date: Fri, 13 Feb 2009 21:59:48 +0100
- In-reply-to: <[email protected]> (Valdis Kletnieks's message of "Fri, 13 Feb 2009 11:28:57 -0500")
- References: <[email protected]> <[email protected]>
* Valdis Kletnieks:
> On Fri, 13 Feb 2009 15:57:32 +0100, Jens Ott - PlusServer AG said:
>> Therefore I had the following idea: Why not take one of my old routers and
>> set it up as a blackhole service. Then everyone who is interested could set up a
>> session to there and
>>
>> 1.) announce /32 (/128) routes out of his prefixes to blackhole them
>> 2.) receive all the /32 (/128) announcements from the other peers with the IPs
>> they want to have blackholed and roll out the blackhole to their network.
>
> How do you vet proposed new entries to make sure that some miscreant doesn't
> DoS a legitimate site by claiming it is in need of black-holing?

The same way you prevent rogue announcements. 8-/

I guess an IX would be able to perform some validation of blacklisting
requests, or at least provide a contractual framework. I don't think
a global solution exists (beyond the "use my route server" approach,
which is quite global--until there are two of them).
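
An added example, not part of the original message: one way the route server operator could vet blackhole announcements, by accepting only host routes (/32 or /128) that fall inside prefixes already registered to the announcing peer. The function name, the registry layout and the sample ASNs and prefixes (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample registry: prefixes each peer is known to originate.
# ASNs and prefixes come from the documentation ranges, not real networks.
PEER_PREFIXES = {
    64500: ["192.0.2.0/24", "2001:db8:a::/48"],
    64501: ["198.51.100.0/24"],
}


def vet_blackhole(peer_asn, route, registry=PEER_PREFIXES):
    """Return (accepted, reason) for a blackhole announcement from peer_asn."""
    try:
        # strict=True rejects routes with host bits set, e.g. 192.0.2.10/24
        net = ipaddress.ip_network(route, strict=True)
    except ValueError as exc:
        return False, f"malformed route: {exc}"

    # Only single-address routes are valid blackhole requests.
    if net.prefixlen != net.max_prefixlen:
        return False, "not a host route (/32 or /128)"

    allowed = [ipaddress.ip_network(p) for p in registry.get(peer_asn, [])]
    if not allowed:
        return False, "peer has no registered prefixes"

    # The address must sit inside a prefix registered to this peer, so a
    # peer cannot request a blackhole for somebody else's address space.
    for parent in allowed:
        if parent.version == net.version and net.subnet_of(parent):
            return True, f"covered by {parent}"
    return False, "outside the peer's registered prefixes"


if __name__ == "__main__":
    # Constructed announcements: (announcing peer, route)
    for asn, route in [
        (64500, "192.0.2.10/32"),      # own address: accepted
        (64501, "192.0.2.10/32"),      # another peer's address: rejected
        (64500, "192.0.2.0/25"),       # not a host route: rejected
        (64500, "2001:db8:a::1/128"),  # own IPv6 address: accepted
    ]:
        print(asn, route, vet_blackhole(asn, route))
```

The check is only as good as the registry behind it, which is the validation problem the message points at.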