Hi,
We just being blackhole by some ISP during their provisioning,
a few hours ago. I thought that bogus route should be filtered by
the NAP. Is there a way to prevent from somebody blackholing you ?
It takes a lot of affort to solve this problem, especially those
who need to update their router through rrdb automatically. Which
suppose to solve blackhole problem accidentally.
Thanks,
Tony S. Hariman
http://www.tsh.or.id
Tel: +62(21)574-2488
Fax: +62(21)574-2481
We just being blackhole by some ISP during their provisioning,
a few hours ago. I thought that bogus route should be filtered by
the NAP. Is there a way to prevent from somebody blackholing you ?
It takes a lot of affort to solve this problem, especially those
who need to update their router through rrdb automatically. Which
suppose to solve blackhole problem accidentally.
Could you please explain the issue more specifically. "Blackhole" could
have many meanings.
randy
Blackhole here means that someone from different AS announce
our network using BGP. So all the incoming traffic that suppose to go
to us, rerouted to this ISP.
Looking through Digex Mae-East looking glass this is what it suppose to be
202.158.0.0/19 192.41.177.181 50 100 0 3561 4787 4787 4787 i
192.41.177.145 100 0 4200 4787 i
But during the blackhole this is what is look like:
BGP routing table entry for 202.158.0.0/20, version 9520334
Paths: (4 available, best #3, advertised over IBGP)
1800 1239 4003 7713
192.41.177.240 from 192.41.177.240 (198.67.131.49)
Origin incomplete, metric 11, localpref 100, valid, external
Community: 2548:668
1239 4003 7713
165.117.1.122 (metric 28416) from 165.117.1.122
Origin incomplete, metric 57, localpref 100, valid, internal
Community: 2548:668
Originator : 165.117.1.122, Cluster list: 165.117.1.122
1239 4003 7713
192.41.177.241 from 192.41.177.241 (144.228.107.1)
Origin incomplete, metric 57, localpref 100, valid, external, best
Community: 2548:668
1239 4003 7713
192.41.177.242 from 192.41.177.242 (144.228.101.1)
Origin incomplete, metric 59, localpref 100, valid, external
Community: 2548:668
To solve this problem I temporarily inject more specific route by
dividing my /19 to 4 /21
I talk to the owner of AS7713 they said during provisioning with
their upstream provider they make a mistake inadvertently announce
our ip block and few other ISP block.
I just wondering if this misshaps could be prevented, even someone make
a mistake.
Thanks,
I talk to the owner of AS7713 they said during provisioning with
their upstream provider they make a mistake inadvertently announce
our ip block and few other ISP block.I just wondering if this misshaps could be prevented, even someone make
a mistake.
Not now. There is hope to prevent this in the not too distant future.
randy
I wonder if there is some kind of SOP before someone
announce a route ? I thought you supposed to lookup
at radb first before trying to announce those routes.