[RPKI] Accepting smaller routes than RPKI object allows (blackholing)
Job Snijders
job at ntt.net
Thu Aug 29 12:33:58 UTC 2019
On Thu, Aug 29, 2019 at 02:21:21PM +0200, Stavros Konstantaras wrote:
> Based on the current standards and vendor implementations, I believe
> another potential solution to make this work is to use a separate
> routing instance (e.g. a server running BIRD or other software), where
> customers can use it to send blackhole routes.
>
> With BIRD running on a simple box, you could easily implement an
> import filter where a customer is allowed to advertise a /32 route
> that carries the BLACKHOLE community as well (and only that, nothing
> else). Then, with a little bit of Python scripting you could either
> program your basic Juniper or Cisco router accordingly or trigger your
> purchased anti-DDoS service.
What do you base the import filter on?
Kind regards,
Job