North American Network Operators Group
RE: 69/8...this sucks -- Centralizing filtering..
> CLM> From: Christopher L. Morrow
>
> CLM> This can be VERY dangerous, the default part at least. At one
> CLM> point we, as an experiment in stupidity (it turns out)
> CLM> announced 0/1 (almost default). We quickly received well
> CLM> over 600kpps to that announcement. This in a very steady
>
> Announced via IGP or BGP? I hope/assume the former, but am
> somewhat surprised at the traffic volume... even for UUNet.

I'm not surprised. My experience with defaults in ISPs is the same. The router advertising the default (or any large prefix) becomes a "packet vacuum" for any spoofed source packet returning backscatter and all those other auto-bots and worms looking for vulnerable machines. It turns the router into a sink hole.

What saves many providers today is that these large route injections are spread across all their peering routers. This is like anycasting the prefix advertisements. People are discussing putting these advertisements on anycasted Sink Holes. So instead of having the CIDR prefixes and the Null 0 lock-ups on the peering routers, you would put them on anycast Sink Hole routers. The anycast spreads the packet black hole load over several sink holes spread over the network.

Barry
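The behaviour described in the message above, as an added illustration that is not part of the original post: a small model of why a covering announcement such as 0/1 collects every packet that no more-specific route claims, and how anycasting the sinkhole splits that load by ingress point. The prefixes other than 0/1, the router and sinkhole names, and the IGP costs are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed routing table (prefixes and next hops are made up for
# illustration): two more-specific routes plus the covering 0.0.0.0/1
# announcement from the quoted message, pointed at an anycast sinkhole.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/1"), "SINK"),
    (ipaddress.ip_network("20.0.0.0/8"), "cust-A"),
    (ipaddress.ip_network("64.0.0.0/10"), "cust-B"),
]

# Constructed IGP cost from each peering router to each sinkhole instance.
IGP_COST = {
    "pr-east":    {"sink-1": 10, "sink-2": 40, "sink-3": 70},
    "pr-central": {"sink-1": 40, "sink-2": 10, "sink-3": 40},
    "pr-west":    {"sink-1": 70, "sink-2": 40, "sink-3": 10},
}

def lookup(dst):
    """Longest-prefix match; returns the next hop, or None if nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, hop) for net, hop in ROUTES if addr in net]
    return max(matches)[1] if matches else None

def forward(ingress, dst):
    """Resolve the anycast SINK next hop to the instance nearest the ingress router."""
    hop = lookup(dst)
    if hop == "SINK":
        costs = IGP_COST[ingress]
        return min(costs, key=costs.get)
    return hop

def sink_load(packets):
    """Count the packets that land on each sinkhole instance."""
    load = Counter()
    for ingress, dst in packets:
        hop = forward(ingress, dst)
        if hop in IGP_COST[ingress]:
            load[hop] += 1
    return load

# Constructed sample: (ingress router, destination address of a stray packet).
PACKETS = [
    ("pr-east", "20.1.2.3"), ("pr-east", "69.5.5.5"), ("pr-west", "37.9.9.9"),
    ("pr-central", "100.1.1.1"), ("pr-west", "64.10.0.1"),
    ("pr-east", "200.1.1.1"), ("pr-east", "5.5.5.5"),
]

if __name__ == "__main__":
    print(dict(sink_load(PACKETS)))
```

Four of the seven sample packets match only the covering route; with a single sinkhole they would all arrive at one box, while the anycast model splits them across three instances.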