Re: [EXTERNAL] Re: RTBH no_export

2019-02-04 Thread John Kristoff
On Mon, 4 Feb 2019 09:01:20 + i3D.net - Martijn Schmidt wrote:
> Cogent does let you use RTBH, but on a separate BGP session to a
> blackhole server. So it's a bit more hassle to set it up policy-wise,
> because it deviates from the standard. Same story for "former
> GlobalCrossing", now Cent

RE: [EXTERNAL] Re: RTBH no_export

2019-02-04 Thread Nikos Leontsinis
I heard that before...

-----Original Message-----
From: Vincent Bernat
Sent: Monday, February 4, 2019 9:48 AM
To: i3D.net - Martijn Schmidt
Cc: Nikos Leontsinis; Paul S.; nanog@nanog.org
Subject: Re: [EXTERNAL] Re: RTBH no_export

❦ 4 February 2019 09:01 +00, i3D.net - Martijn Schmidt

Re: [EXTERNAL] Re: RTBH no_export

2019-02-04 Thread Vincent Bernat
❦ 4 February 2019 09:01 +00, i3D.net - Martijn Schmidt:
> Cogent does let you use RTBH, but on a separate BGP session to a
> blackhole server. So it's a bit more hassle to set it up policy-wise,
> because it deviates from the standard. Same story for "former
> GlobalCrossing", now CenturyLink's

Re: [EXTERNAL] Re: RTBH no_export

2019-02-04 Thread i3D.net - Martijn Schmidt
that all of us use the
> same community.
> At least we made some progress there...
>
> -----Original Message-----
> From: NANOG On Behalf Of Paul S.
> Sent: Sunday, February 3, 2019 11:08 PM
> To: nanog@nanog.org
> Subject: [EXTERNAL] Re: RTBH no_export
>
> +1, exactl

RE: [EXTERNAL] Re: RTBH no_export

2019-02-04 Thread Nikos Leontsinis
ssage-
From: NANOG On Behalf Of Paul S.
Sent: Sunday, February 3, 2019 11:08 PM
To: nanog@nanog.org
Subject: [EXTERNAL] Re: RTBH no_export

+1, exactly what we did. I also recommend implementing per-upstream/region blackhole communities (so your users can choose who to blackhole as they see fit.)

Re: RTBH no_export

2019-02-03 Thread Paul S.
+1, exactly what we did. I also recommend implementing per-upstream/region blackhole communities (so your users can choose who to blackhole as they see fit.) Oftentimes, DDoS traffic comes from regions that do not intersect with legitimate traffic.

On 2/4/2019 03:15 AM, Tom Hill wrote:
> On 3

Re: RTBH no_export

2019-02-03 Thread Tom Hill
On 31/01/2019 20:17, Nick Hilliard wrote:
> you should implement a different community for upstream blackholing.
> This should be stripped at your upstream links and replaced with the
> provider's RTBH community. Your provider will then handle export
> restrictions as they see fit.

This works wo

Re: RTBH no_export

2019-02-01 Thread Randy Bush
> One more thing, RFC7999 has category Informational

and what exactly do you think that means. in ietf terms, it is a formal spec which does not specify a protocol. it is still a formal spec.

randy

RE: RTBH no_export

2019-01-31 Thread Michel Py
> Alejandro Acosta wrote :
> One more thing, RFC7999 has category Informational

Point well taken. A good thing, IMHO. If I remember correctly, I once opposed this text; not because it was a bad idea (standardizing is sometimes a good idea) but because I found it imprecise enough that it was not

Re: RTBH no_export

2019-01-31 Thread Alejandro Acosta
One more thing, RFC7999 has category Informational

On 31/1/19 at 16:21, Theodore Baschak wrote:
>
>> On Jan 31, 2019, at 1:28 PM, Roel Parijs wrote:
>>
>> For our BGP customers the problem is more complex. Our BGP customers
>> can send us the RTBH community,

RE: RTBH no_export

2019-01-31 Thread Michel Py
> Roel Parijs wrote:
> To minimize the impact of DDoS, I have set up RTBH. For our own customers, we
> can set the RTBH community ourselves towards our transit suppliers and
> this works well. For our BGP customers the problem is more complex. Our BGP
> customers can send us the RTBH community, an

Re: RTBH no_export

2019-01-31 Thread Theodore Baschak
> On Jan 31, 2019, at 1:28 PM, Roel Parijs wrote:
>
> For our BGP customers the problem is more complex. Our BGP customers can send
> us the RTBH community, and we will drop the traffic at our borders. Since
> we're only running a small network, we don't have the capacity to deal with
> large

Re: RTBH no_export

2019-01-31 Thread Nick Hilliard
Roel Parijs wrote on 31/01/2019 19:28:
> What is your opinion on this ?

you should implement a different community for upstream blackholing. This should be stripped at your upstream links and replaced with the provider's RTBH community. Your provider will then handle export restrictions as th

Re: RTBH no_export

2019-01-31 Thread Łukasz Bromirski
> On 31 Jan 2019, at 20:28, Roel Parijs wrote:
>
> Hello NANOG,
>
> To minimize the impact of DDoS, I have set up RTBH.
> For our own customers, we can set the RTBH community ourselves towards our
> transit suppliers and this works well.
>
> For our BGP customers the problem is more complex.