netsec-sig - Re: [Security-WG] New Well-Known BGP Community for Blackholing
Subject: Internet2 Network Security SIG
- From: David Farmer <>
- To: , Grover Browning <>, Paul Howell <>
- Cc: "" <>, "" <>, "" <>
- Subject: Re: [Security-WG] New Well-Known BGP Community for Blackholing
- Date: Tue, 26 Jul 2016 14:37:56 -0500
On Tue, Jul 26, 2016 at 9:46 AM, John Kristoff <> wrote:

> On Mon, 25 Jul 2016 23:55:31 +0000
> David Farmer <> wrote:
>
> > We (the Internet2 Community) should discuss if the Internet2 Backbone
> > should transition to using this Well-Known BGP Community, either
> > keeping or eliminating the Internet2 specific Blackhole communities
> > below.
> >
> > Internet2-R&E: 11537:911
> > Internet2-TR-CPS: 11164:53666
>
> Is the usage of these being monitored? Statistics and trends on usage
> and possibly a survey of who is actually utilizing (announcing to I2) the
> current communities would be nice to see.

That's a really good question, Grover, Paul? I was thinking about this last night too. I'd like to know: how many routes/IPs are blackholed, how often, what duration, some idea of the amount of traffic dropped, maybe how much each router is dropping. Just doing some brainstorming, please don't actually take that as a formal request, at least yet.

> > Additionally, this new community is defined as a transitive BGP
> > community, so we should discuss if we want to propagate routes with
> > this community from the Internet2 Backbone to other members of the
> > Internet2 community. This may or may not be advantageous and is
> > probably not appropriate in all cases, so we should only do this if
> > there is a clear consensus for it.
>
> I think this would be fine as long as these routes are originated from
> within I2 and the announcements can be verified by connectors or the
> backbone folks. I may be wary of accepting those transitive
> communities if they originated from outside of I2. Perhaps add a tag
> that indicates as much.

Like I said, I'm skeptical of this really being useful, mostly because I too would only really consider this for routes for this community, and while there is a component of some DoS attacks coming from within this community it is a relatively small part of the overall issue most of the time.

> A web-based interface for participants to use for managing black hole
> routes would be really nice to have. These should automatically expire
> after some period.

This sounds interesting and maybe a more useful way to think about this. Could you flesh this out a bit more?
Thanks
===============================================
David Farmer
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================
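
An added illustration, not code from this thread or from Internet2, of the acceptance rule and automatic expiry suggested in the quoted reply above: honor a blackhole community only when the route's origin is a known member announcing its own space, tag it otherwise, and age requests out. 65535:666 is the RFC 7999 well-known BLACKHOLE value; the member table, the tag value and the 24-hour lifetime are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# RFC 7999 well-known BLACKHOLE value plus the two Internet2 values quoted in the thread.
BLACKHOLE = {"65535:666", "11537:911", "11164:53666"}
EXTERNAL_TAG = "64511:999"      # hypothetical marker: "blackhole request originated outside"
MAX_AGE = timedelta(hours=24)   # hypothetical lifetime of a blackhole request

# Constructed registry (documentation ASNs and prefixes): origin ASN -> space it may blackhole.
MEMBERS = {
    64496: [ipaddress.ip_network("192.0.2.0/24")],
    64497: [ipaddress.ip_network("198.51.100.0/24")],
}

def evaluate(prefix, as_path, communities, received, now):
    """Return (action, communities to keep) for one received announcement."""
    comms = set(communities)
    if not comms & BLACKHOLE:
        return "accept", comms                      # ordinary route
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1] if as_path else None       # rightmost ASN is the origin
    allowed = MEMBERS.get(origin)
    if allowed is None:
        # Outside origin: carry the route, do not drop traffic, and say why.
        return "accept-no-blackhole", (comms - BLACKHOLE) | {EXTERNAL_TAG}
    if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
        return "reject", comms                      # origin does not hold this space
    if now - received > MAX_AGE:
        return "expired", comms                     # stale request: remove the null route
    return "blackhole", comms

if __name__ == "__main__":
    now = datetime(2016, 7, 26, 12, 0, tzinfo=timezone.utc)
    samples = [  # constructed announcements: prefix, AS path, communities, age in hours
        ("192.0.2.7/32", [64500, 64496], ["65535:666"], 1),
        ("192.0.2.7/32", [64496], ["11537:911"], 30),
        ("203.0.113.5/32", [64496], ["65535:666"], 1),
        ("203.0.113.5/32", [64499], ["65535:666", "64499:100"], 1),
    ]
    for prefix, path, comms, age in samples:
        print(prefix, path, evaluate(prefix, path, comms, now - timedelta(hours=age), now))
```
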