Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] NOC doc re current BGP discarding

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] NOC doc re current BGP discarding


Chronological Thread 
  • From: Paul Howell <>
  • To: "" <>
  • Subject: Re: [Security-WG] NOC doc re current BGP discarding
  • Date: Fri, 20 Nov 2015 10:23:51 +0000
  • Accept-language: en-US
  • Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=internet2.edu;
  • Spamdiagnosticoutput: 1:0

Thanks for pointing this out, we’ll make the necessary changes.



-----Original Message-----
From:
<>
on behalf of Doug Pearson
<>
Reply-To:
""

<>
Date: Thursday, November 19, 2015 at 4:49 PM
To:
""

<>
Subject: [Security-WG] NOC doc re current BGP discarding

>Concerning Internet2 operational documentation for DDoS, might be
>helpful to raise profile of existing doc and clean up some discrepancy:
>
>Fairly buried in the BGP Communities page,
>> https://noc.net.internet2.edu/i2network/maps-documentation/documentation/bgp-communities.html
>
>I found mention of:
>> The following communities can be used to blackhole traffic to more
>> specific netblocks (up to /32):
>> 11164:53666 Rewrite next hop to discard traffic
>> 11537:911 (to be deprecated *)
>
>The word "DDoS" does not appear on the BGP Communities page. In one
>consideration that makes sense, but having that word on the page
>somewhere would help when googling for DDoS response.
>
>and at:
>
>> http://www.internet2.edu/policies/response-ddos-attacks/
>last updated Feb 2015; that page doesn't seem as current as the BGP
>Communities page(?) because says (only):
>
>> tagged with the BGP Community 11537:911
>
>which according to BGP Communities doc is scheduled to be deprecated.
>
>When I google "Internet2 DDoS NOC" the only operational link I receive
>is the "policies" doc referenced immediately above. And that doc isn't
>linked to the BGP Communities page.
>
>
>Regards,
>
>Doug Pearson
>REN-ISAC



Archive powered by MHonArc 2.6.16.

Top of Page