On Fri, May 06, 2016 at 10:51:46AM -0400, Christopher Morrow wrote:
> The authors of: draft-ietf-grow-blackholing had asked for WGLC to be
> started on their document. The abstract is:
>
>   This document describes the use of a well-known Border Gateway
>   Protocol (BGP) community for blackholing at IP networks and Internet
>   Exchange Points (IXP). This well-known advisory transitive BGP
>   community, namely BLACKHOLE, allows an origin AS to specify that a
>   neighboring IP network or IXP should blackhole a specific IP prefix.
>
> The URL to the document:
> <https://tools.ietf.org/html/draft-ietf-grow-blackholing-00>
>
> Please have a read, give it some consideration and send
> comments/questions/ACK/NACK back so the authors can adjust course or
> celebrate a process victory over the document snake.

I'm generally supportive of the draft in its current state. A (re-)read
does cause me to ask the following:

: BGP speakers SHOULD only accept and honor BGP announcements carrying
: the BLACKHOLE community if the announced prefix is covered by a
: shorter prefix for which the neighboring network is authorized to
: advertise.

The "authorized to advertise" is a bit on the vague end. (I.e. how do you
write code for it?) Could the authors give a bit more guidance here? For
example, would an AS_PATH that is a proper prefix of the less specific
route's AS_PATH do?

The incremental deployment case is also a bit ugly. If this more specific
route is received by a router that doesn't understand the community, it
will instead forward that more specific traffic toward the advertiser.
Presumably it would eventually reach a router that knows what it means and
blackhole it, so it's not tragic as long as the forwarding path in question
can absorb the traffic (which is presumably at DDoS levels).

-- Jeff
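
The acceptance check asked about above, written out as an added example (not part of the original message and not taken from the draft). It assumes "authorized to advertise" means a strictly shorter covering prefix learned from the same neighbor, combined with the AS_PATH test the message floats; the Route type, neighbor labels, allow_equal switch and sample RIB are hypothetical and use documentation prefixes and ASNs.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    neighbor: str   # peer the route was learned from (hypothetical label)
    prefix: str
    as_path: tuple  # leftmost = neighbor AS, rightmost = origin AS

def leads(candidate, covering, allow_equal):
    """True if candidate is a leading segment of covering's AS_PATH."""
    n = len(candidate)
    if n == 0 or n > len(covering) or (n == len(covering) and not allow_equal):
        return False
    return tuple(covering[:n]) == tuple(candidate)

def accept_blackhole(bh, rib, allow_equal=False):
    """Return the covering route that justifies bh, or None to reject it."""
    net = ipaddress.ip_network(bh.prefix)
    best = None
    for r in rib:
        cov = ipaddress.ip_network(r.prefix)
        if r.neighbor != bh.neighbor or cov.version != net.version:
            continue
        # "covered by a shorter prefix": strictly less specific and containing net
        if cov.prefixlen >= net.prefixlen or not net.subnet_of(cov):
            continue
        # Assumed reading of "authorized": the AS_PATH relation from the message
        if not leads(bh.as_path, r.as_path, allow_equal):
            continue
        if best is None or cov.prefixlen > ipaddress.ip_network(best.prefix).prefixlen:
            best = r  # keep the most specific qualifying covering route
    return best

# Constructed sample RIB (documentation prefixes and private-use ASNs)
SAMPLE_RIB = [
    Route("peerA", "192.0.2.0/24", (64500, 64501, 64502)),
    Route("peerB", "198.51.100.0/24", (64510,)),
    Route("peerA", "2001:db8::/32", (64500,)),
]
```

With allow_equal left False the AS_PATH must be strictly shorter than the covering route's, so a blackhole route carrying the same AS_PATH as its covering route is rejected; setting allow_equal=True accepts it.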
