[db-wg] Route(6) objects
- Previous message (by thread): [db-wg] Route(6) objects
- Next message (by thread): [db-wg] Route(6) objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kaupo Ehtnurm
kaupo at wavecom.ee
Fri Jul 7 17:11:11 CEST 2023
Hello Sorry, you didn't say. But starting to manually advertise /48 to my DDoS protection provider beats the purpose of automatic DDoS protection. Lugupidamisega / Best regards, Kaupo Ehtnurm Network & System administrator WaveCom AS ISO 9001 & 27001 Certified DC and verified VMware Cloud kaupo at wavecom.ee | +372 5685 0002 Endla 16, Tallinn 10142 Estonia | [ http://www.wavecom.ee/ | www.wavecom.ee ] ----- Original Message ----- From: "Randy Bush via db-wg" <db-wg at ripe.net> To: "Kaupo Ehtnurm via db-wg" <db-wg at ripe.net> Sent: Friday, July 7, 2023 6:05:53 PM Subject: Re: [db-wg] Route(6) objects > Here the problem is "for longer defensive prefixes" > For example in normal situation I advertise /32 to my ip transit providers. > When DDoS happens then one of my providers will start advertisin 1x/48 > of my /32 prefix to hi-jack the route from us and filter it. i did not say that your provider advertised, did i? >> By doing this the internet will always (also under normal >> circumstances) prefer that one provider. >> >> 0 - register irr and rpki objects for aggregates and for longer >> defensive prefixes >> >> 1 - announce only aggregates to both providers >> >> 2 - when ddosed, >> - do not change announcement of aggregate to non-mediating >> - deaggregate announcement to mediating provider >> >> 3 - when ddos ends, return to state 1 randy -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
- Previous message (by thread): [db-wg] Route(6) objects
- Next message (by thread): [db-wg] Route(6) objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]