North American Network Operators Group
Re: Best way to deal with bad advertisements?
In message <199609281508.IAA02192@falcon.netflight.com>, Matthew Petach writes:
>
> Hi!
>
> I'm going to ask the rest of the NANOG community
> for their thoughts/opinions on a problem that's
> been plaguing us periodically that we haven't
> been able to find a satisfactory solution for
> yet.
>
> There's an ISP back on the East Coast that has
> been periodically advertising more specific
> routes for /24's out of our CIDR blocks and
> black-holing the traffic within their network.
>
> We've called all the listed numbers for their
> technical, admin, billing, and any other contacts
> we can find, and haven't been able to reach a
> human; we've left messages of various levels of
> nastiness, from very sugary on up to vaguely
> threatening. In every case, including the
> current one, it's been more than 24 hours,
> and they still haven't made any response to
> the problem; in fact, I just got paged by our
> NOC early this morning informing me they've
> stolen another one of our /24's.
>
> As you can well imagine, all the customers on
> those blocks are _very_ unhappy. Each time this
> happens, we end up with dissatisfied customers,
> many of whom leave, deciding that we're too
> unstable, and can't provide quality network
> connectivity, even though to the best of my
> knowledge, there's nothing we can do to prevent
> these people from stealing our blocks.
>
> My question to the NANOG community is twofold and
> simple: Am I overlooking some solution that would
> allow us to 'negate' their advertisement of our
> blocks (184.108.40.206/24 and 220.127.116.11/24 in
> this case) and secondly, is there a formal process
> within the community to seek recompense, or formal
> action against a clueless and net-unfriendly ISP,
> perhaps one as simple as the net equivalent of
> Mennonite 'shunning'?
>
> Or are we simply out of luck, and have to simply
> tell our customers "Sorry, everyone is at the
> mercy of the morons who can steal IP blocks
> simply by advertising more specific routes
> with higher weights?"
>
> It's getting really tempting to advertise the
> networks they have their nameservers on from
> *our* network with a weight of 65535, just to
> get them to call us back. :-( :-(
>
> Anyhow, enough frustrated venting, I *am* very
> interested in what the community feels is the
> best policy to follow in situations like this.
>
> Thanks again!
>
> Matt Petach
> Network Engineer
> (writing from home)

A good solution would be for providers to only accept routes
registered in a routing database (the IRR) from those authorized to
send them with hierarchical authorization within the database (as
implemented by RIPE) and strong authentication (PGP as implemented by
the RA) and top level authorization based on IANA or delegated address
registry assignments. But you've heard this before.

The best any one provider can do is to accurately populate the IRR and
if possible (based on the limitations of their routers) put the IRR
data into use in defining filters.

Curtis
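An added illustration of the IRR-based filtering described in the reply above (not part of the original message or of any IRR tooling): it parses RPSL `route` objects and accepts an announcement only when its exact prefix and origin AS are registered. The prefixes, AS numbers, `EXAMPLE` source name and function names are constructed assumptions, and the database's authorization and PGP authentication are not modelled.

```python
import ipaddress

# Constructed IRR extract in RPSL. Prefixes and AS numbers come from private
# and documentation ranges; none of them appear in the thread.
IRR_DUMP = """\
route:      10.20.0.0/16
descr:      Example provider aggregate
origin:     AS64496
source:     EXAMPLE

route:      10.20.8.0/24
origin:     AS64497
source:     EXAMPLE

route:      192.0.2.0/24
origin:     AS64511
source:     EXAMPLE
"""

def parse_route_objects(text):
    """Return the set of (network, origin_asn) pairs found in RPSL route objects."""
    registered = set()
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        if "route" in attrs and "origin" in attrs:
            net = ipaddress.ip_network(attrs["route"], strict=True)
            asn = int(attrs["origin"].upper().removeprefix("AS"))
            registered.add((net, asn))
    return registered

def check_announcement(registered, prefix, origin_asn):
    """Classify one received announcement against the registered pairs."""
    net = ipaddress.ip_network(prefix, strict=True)
    if (net, origin_asn) in registered:
        return "accept"
    # Inside registered space but not registered as this prefix/origin pair:
    # the more-specific case from the thread. A legitimate more-specific must
    # have its own route object, which is why the IRR has to be kept accurate.
    if any(n.version == net.version and net.subnet_of(n)
           for n, _ in registered):
        return "reject-conflict"
    return "reject-unregistered"
```

In practice the same registered set would be rendered into router prefix filters rather than evaluated per announcement.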