This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] Route(6) objects

Previous message (by thread): [db-wg] Route(6) objects
Next message (by thread): [db-wg] Route(6) objects

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Randy Bush randy at psg.com
Fri Jul 7 17:05:53 CEST 2023

> Here the problem is "for longer defensive prefixes"
> For example in normal situation I advertise /32 to my ip transit providers.
> When DDoS happens then one of my providers will start advertisin 1x/48
> of my /32 prefix to hi-jack the route from us and filter it.

i did not say that your provider advertised, did i?

>> By doing this the internet will always (also under normal
>> circumstances) prefer that one provider.
>> 
>> 0 - register irr and rpki objects for aggregates and for longer
>>     defensive prefixes
>> 
>> 1 - announce only aggregates to both providers
>> 
>> 2 - when ddosed,
>>     - do not change announcement of aggregate to non-mediating
>>     - deaggregate announcement to mediating provider
>> 
>> 3 - when ddos ends, return to state 1

randy

Previous message (by thread): [db-wg] Route(6) objects
Next message (by thread): [db-wg] Route(6) objects

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]