Hi,
On Sat, Oct 01, 2016 at 04:51:36PM +0200, Fredy Kuenzler wrote:
> To achieve this I think we need a collaborative community effort setting
> up a common procedure and define a BGP communitiy with the effect "do
> not announce beyond Switzerland".
I think this is an awesome idea.
The situation is similar here in DE - nobody could stand an 1 Tbit DDoS
attack, and a large number of content offerings are targeted only to
german speaking customers, so if DE/A/CH work, 99% of the customers
are still able to reach the site.
I'm not really sure how this would work in your example - what if you
have two customers in a given BGP announcement, one of them *does* want
to be reached world-wide (like, corporate VPNs) and the other one is
attacked? Split the aggregate, or bit the bullet and have all of them
with limited reach, for the time being?
(We currently work this "the other way round" by using the "out of country"
and "out of continent" blackhole communities offered by NTT - so the customer
under attack would be announced as a "faraway RTBH" route - but this isn't
good enough yet either, as not all transits offer this...)
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
