I'm surprised there are not more comments on this. What are other people using to reduce the impact of floods?

On Tue, 3 Apr 2001, David Robb wrote:
> An interesting idea which came up at a meeting here a while ago:
>
> As people might be aware, adding routes to null0 isn't the most effective way sometimes of dropping flood traffic. Sending it to an IP address, and then statically associating a bogus MAC address to that IP is often better - the router simply forwards the packet out onto the LAN, and the ethernet swallows it. This puts less load on the router.
>
> Now a thought I had while thinking about this... could a BGP community be agreed upon between peers, such that (for example) any static routes to the bogus IP/MAC on my router are exported to my upstream with this community set. They see the community, set the next-hop address to their version of the blackhole IP, and possibly pass it on further upstream.
>
> Pro: A reasonably easy way to blackhole a target IP at upstream or peer ISPs without having to get their NOC to implement changes on routers. If the trust relationship for these communities extended far enough upstream, the target IP effectively disappears off the net.
>
> Con: You'd have to trust the downstreams who are injecting these blackhole routes. This could be done with careful use of prefix or access-lists, allowing people to propagate /32 blackhole routes for IPs under their control.
>
> Thoughts?
>
> [1] Ok, so some configuration might also be needed on the switch to stop the traffic being flooded all over the place.
--
Simon Lyall.                |  Newsmaster  | Work: simon.lyall(a)ihug.co.nz
Senior Network/System Admin |              | Home: simon(a)darkmere.gen.nz
ihug, Auckland, NZ          | Asst Doorman | Web: http://www.darkmere.gen.nz
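The "Con" in David's proposal is the whole security question: an upstream that honours the blackhole community from a downstream must only accept host routes for space that downstream actually controls, otherwise anyone can blackhole anyone. The script below is an added example, not part of the thread and not anyone's router config; it models the import policy an upstream would apply to such a community in plain Python so the accept/reject logic can be exercised offline. The community value 65535:666, the local discard next-hop 192.0.2.1, and the per-customer prefix table are all constructed assumptions. The check works for IPv6 as well as IPv4 because it compares against the address family's maximum prefix length rather than a hard-coded /32.

```python
"""Model of an upstream's BGP import policy for a downstream-triggered
blackhole community (illustrative; not a router configuration)."""

import ipaddress
from dataclasses import dataclass, field

# Assumed community agreed between the peers (hypothetical value).
BLACKHOLE_COMMUNITY = "65535:666"

# Our own version of the "bogus IP with a bogus MAC" discard address
# (constructed; documentation range).  Routes carrying the community get
# their next-hop rewritten to this address so the discard happens locally.
LOCAL_BLACKHOLE_NEXT_HOP = "192.0.2.1"

# Address space each downstream is entitled to blackhole (constructed sample).
# This plays the role of the per-peer prefix-list David mentions.
CUSTOMER_PREFIXES = {
    "customer-a": [ipaddress.ip_network("203.0.113.0/24")],
    "customer-b": [ipaddress.ip_network("198.51.100.0/25"),
                   ipaddress.ip_network("2001:db8:b::/48")],
}


@dataclass
class Route:
    """A received BGP announcement, reduced to the attributes the policy needs."""
    prefix: str
    next_hop: str
    communities: set = field(default_factory=set)


def import_policy(peer, route):
    """Apply the blackhole policy to one announcement from `peer`.

    Returns ("accept", route) with the next-hop rewritten for a valid
    blackhole, ("accept", route) unchanged for a route without the community,
    or ("reject", reason) when the downstream is not allowed to do this.
    """
    net = ipaddress.ip_network(route.prefix, strict=True)

    if BLACKHOLE_COMMUNITY not in route.communities:
        # Ordinary route: the normal import filters apply, not modelled here.
        return ("accept", route)

    # Only host routes may be blackholed; a downstream must not be able to
    # take a whole block off the net with one announcement.
    if net.prefixlen != net.max_prefixlen:
        return ("reject", f"{route.prefix}: blackhole must be a host route")

    # The host must fall inside space the downstream is registered for.
    allowed = CUSTOMER_PREFIXES.get(peer, [])
    if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
        return ("reject", f"{route.prefix}: not within {peer}'s prefixes")

    # Valid: point it at our discard address.  The community is kept so the
    # same policy can be applied again one hop further upstream.
    rewritten = Route(route.prefix, LOCAL_BLACKHOLE_NEXT_HOP, set(route.communities))
    return ("accept", rewritten)


def apply_policy(peer, routes):
    """Run the policy over a batch and return the list of decisions."""
    return [import_policy(peer, r) for r in routes]


if __name__ == "__main__":
    # Constructed announcements from customer-a, as if learned over eBGP.
    sample = [
        Route("203.0.113.7/32", "10.0.0.1", {BLACKHOLE_COMMUNITY}),   # valid
        Route("203.0.113.0/24", "10.0.0.1", {BLACKHOLE_COMMUNITY}),   # not a host route
        Route("198.51.100.9/32", "10.0.0.1", {BLACKHOLE_COMMUNITY}),  # someone else's space
        Route("203.0.113.0/24", "10.0.0.1"),                          # ordinary route
    ]
    for decision, detail in apply_policy("customer-a", sample):
        print(decision, detail)
```

On a real router the "accept" branch corresponds to a route-map that matches the community and sets the next-hop to the discard address, and the "reject" branches to the inbound prefix-list that only permits host routes inside the customer's allocation; the point of the model is that both checks have to be present for the community to be safe to honour.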