>[1] I'd also note there are legitimate cases where customers may be >unable to serve traffic for their content/service/application, (think: >unexpected, but legitimate flash crowds/traffic combined with >under-provisioned tail circuit capacity). In that case, it may be far >easier for the customer to temporarily give up, say, a /24 that their >content/service/application was being served out of and allow a third >party to announce it out of the SP's AS (while still serving the same >content/service/application off servers moved to or X-connect'ed to a new >'higher bandwidth' location), until the "storm passed" ...
In these use cases, what breaks if we allow two ROAs to co-exist in the system (one authorizing the customer AS and one authorizing the proxy AS to originate the prefix) _much before_ the attack (or storm) takes place? After all, this is a valid business relationship. Choose your pill wisely. - Pradosh _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
