
netsec-sig - [Security-WG] Re: [NTAC] New Well-Known BGP Community for Blackholing

Subject: Internet2 Network Security SIG

  • From: Paul Howell <>
  • To: David Farmer <>, "" <>, "" <>, "" <>
  • Subject: [Security-WG] Re: [NTAC] New Well-Known BGP Community for Blackholing
  • Date: Tue, 26 Jul 2016 09:34:54 +0000

Hi,

 

There have been some preliminary discussions about moving to the RFC community tags internally to Internet2. In general, Internet2 is supportive of David’s suggestions; however, we would welcome others' thoughts on the questions of adopting the new tags and propagation within the R&E community.

 

Regards,

Paul

 

 

Paul Howell

Chief Cyberinfrastructure Security Officer

Network Services, Internet2

100 Phoenix Drive, STE 111

Ann Arbor, MI 48108

Office: 734-352-4212

Email:

 

 

From: <> on behalf of David Farmer <>
Date: Monday, July 25, 2016 at 7:55 PM
To: "" <>, "" <>, "" <>
Subject: [NTAC] New Well-Known BGP Community for Blackholing

 

There is an Internet-Draft that should be published as an RFC within the next couple of months that defines a Well-Known BGP Community "BLACKHOLE". It has completed IETF last call and awaits final action by the IESG next week.

https://tools.ietf.org/html/draft-ietf-grow-blackholing-02

We (the Internet2 Community) should discuss if the Internet2 Backbone should transition to using this Well-Known BGP Community, either keeping or eliminating the Internet2 specific Blackhole communities below.

Internet2-R&E: 11537:911
Internet2-TR-CPS: 11164:53666

Additionally, this new community is defined as a transitive BGP community, so we should discuss if we want to propagate routes with this community from the Internet2 Backbone to other members of the Internet2 community. This may or may not be advantageous and is probably not appropriate in all cases, so we should only do this if there is a clear consensus for it.

  
I'd like to see Internet2 support this Well-Known BGP community, maybe as an experiment at first, assuming the draft moves forward and the community doesn't find any issues, then on a permanent basis. I'm neutral on keeping or eliminating the current BGP communities long-term, but obviously we should keep them during the experimental phase. I'm neutral, leaning toward not, on the issue of propagating routes with this BGP community from the Internet2 Backbone to other members of the Internet2 community, but maybe we should think about some experiments with something like this. If experiments show it's useful I'd support it, but right now I'm skeptical how useful transiting this would be for us.

 

What do others think?

 

Thanks


-- 

===============================================
David Farmer              
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota  
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================



