* [email protected] (Steven Wallace) [Thu 26 Sep 2024, 18:36 CEST]:
One of the DDoS mitigation providers we work with creates proxy
route objects for its customers’ prefixes. These route objects
specify a common origin ASN rather than the actual origin ASN that
would be seen in routing tables. Their rationale is to bind the
prefixes to a single ASN, allowing the entire set of customer routes
to be announced via an as-set.
Is this a common approach?
I don't think there really are enough DDoS mitigation providers to
speak of anything being common in that industry.
Any IRRdb worth their salt will have such prefixes removed
automatically if the protected entity is worth their salt and
created RPKI ROAs for the prefixes in question, of course.
Wouldn't route-set be the better way to create a collection of routes..?
https://www.ripe.net/publications/docs/ripe-358/#1220
-- Niels.
