The whole scenario still feels specious to me. To start with, for redundancy a particular ALT infrastructure node will be multiply-connected to the aggregation level above it. This will be true for sites as well -- they will be multiply-connected to first-level ALT nodes, whether those ALT nodes are provided by a site's access provider or not. There is no single point of ALT connectivity to hold hostage.
However, because of aggressive aggregation of routing information, each node needs to attempt to connect to all next-level aggregators (above it), or packets might be lost if sent to the "wrong" aggregator. So there is some potential vulnerability ... ... but an ALT node that pretended to have routes to all active EIDs within a prefix, while simultaneously refusing a connection to a valid holder of an EID prefix and intentionally blackholing packets to it, would be seen as a disruptor of the entire system. However, because of redundancy, the system can easily defend itself -- higher level ALT nodes can stop depending on the misbehaving node to route any packets at all, at least for the including prefix. This is not an architecture issue, it's an operations issue. -- to unsubscribe send a message to [EMAIL PROTECTED] with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
