Many providers refer to this as 'RTBH' (remotely triggered blackhole filtering).
Josh On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < thatoneguyst...@gmail.com> wrote: > that request, lacking my fundamental understanding of the terminology, > would be phrased how? > > On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote: > >> Yes, it requires your upstream to support a blackhole BGP community. >> This allows you to advertise host routes (/32 or smaller) to them using a >> specific BGP community when you want your ISP to drop all traffic for the >> prefix before it reaches you. This is -very- useful for DDoS defense. >> >> Josh >> >> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com> wrote: >> >>> That requires something specific? >>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> >>> wrote: >>> >>>> We have started requiring our upstreams to filter by ASN vs Netblock. >>>> We are moving away from upstreams that do not utilize IRR Entries and >>>> require intervention every time we want to make a change, but it is >>>> continuous for us, so for most guys the one time setup is not a big deal, >>>> plus the upstream has to be trusting enough that we will have the correct >>>> filtering on our end. >>>> >>>> Steve, I would add Blackhole BGP community or session to your list. >>>> >>>> Erich Kaiser >>>> The Fusion Network >>>> er...@gotfusion.net >>>> Office: 630-621-4804 >>>> Cell: 630-777-9291 >>>> >>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> >>>> wrote: >>>> >>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>> Canada, a few in the US, and definitely a large number in Europe) will say >>>>> “do you have an IRR entry at RADB?” and if you say yes then they will use >>>>> the route object information but if you say no then they will tell you to >>>>> open a ticket with their NOC each time you have a prefix to add/remove …. >>>>> >>>>> >>>>> >>>>> I’m actually surprised by the number of transit providers that don’t’ >>>>> support automation via IRR >>>>> >>>>> >>>>> >>>>> Paul >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz >>>>> *Sent:* May 13, 2016 9:25 PM >>>>> *To:* af@afmug.com >>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre >>>>> >>>>> >>>>> >>>>> Let me clarify this a bit more... >>>>> >>>>> >>>>> >>>>> You are recommending that one creates it's own AS Object in the >>>>> IRR..(aka learns and manages their own RR entries) (it really does not >>>>> matter which IRR it is, at the end of the day they are all sort of synced, >>>>> it is only a question of who is maintaining it, and who can provide help >>>>> to >>>>> newbies). .. BTW, I agree with this.. however .... >>>>> >>>>> >>>>> >>>>> Cause at the end of the day, someone in the up-stream is very likely >>>>> to create the record for you, if it is needed by them... >>>>> >>>>> This is one of those things that most carriers find... "too much >>>>> trouble to teach vs just do it for that network !" >>>>> >>>>> >>>>> >>>>> :) >>>>> >>>>> >>>>> >>>>> Regards. >>>>> >>>>> >>>>> >>>>> Faisal Imtiaz >>>>> Snappy Internet & Telecom >>>>> 7266 SW 48 Street >>>>> Miami, FL 33155 >>>>> Tel: 305 663 5518 x 232 >>>>> >>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>>> >>>>> >>>>> ------------------------------ >>>>> >>>>> *From: *"George Skorup" <geo...@cbcast.com> >>>>> *To: *af@afmug.com >>>>> *Sent: *Friday, May 13, 2016 7:15:26 PM >>>>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre >>>>> >>>>> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb >>>>> is not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. >>>>> >>>>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: >>>>> >>>>> See answers in-line below:- >>>>> >>>>> >>>>> >>>>> Faisal Imtiaz >>>>> Snappy Internet & Telecom >>>>> 7266 SW 48 Street >>>>> Miami, FL 33155 >>>>> Tel: 305 663 5518 x 232 >>>>> >>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>>> >>>>> >>>>> ------------------------------ >>>>> >>>>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com> >>>>> <thatoneguyst...@gmail.com> >>>>> *To: *af@afmug.com >>>>> *Sent: *Friday, May 13, 2016 11:35:10 AM >>>>> *Subject: *[AFMUG] Upstream BGP Questionairre >>>>> >>>>> Im going to expose the breadth of my incompetence here, but there are >>>>> some questions in this document I want to make sure im answering >>>>> accurately >>>>> >>>>> 1. Are you the owner of the AS Number with RIR- This im assuming is >>>>> our ARIN direct allocation? >>>>> >>>>> They are asking if you have a AS # assigned to you from ... (would be >>>>> ARIN for North America). >>>>> >>>>> 2. Are you registered with an Internet Routing Registry? - Im not sure >>>>> what this is, is this also ARIN or do I need to register something >>>>> elsewhere? >>>>> >>>>> Routing Registry.... it is a way to build authorized prefixes from a >>>>> DataBase... >>>>> >>>>> You can read up about it from here >>>>> https://www.arin.net/resources/routing/ >>>>> >>>>> >>>>> Justin Wilson did a blog about it too... >>>>> http://www.mtin.net/blog/?p=245 >>>>> >>>>> >>>>> >>>>> and yes ARIN also provides a Routing Registry Service ... (along with >>>>> a few others) >>>>> >>>>> >>>>> >>>>> 3. Which type of routes do you want to receive? - Full routes is what >>>>> we want, but are there caveats in this answer I need to be prepared for? >>>>> >>>>> >>>>> >>>>> No Caveats, as long as your equipment is able to take full routes, >>>>> then do so. >>>>> >>>>> >>>>> >>>>> 4. Do you have downstream ASNs? - I assume this would be customers >>>>> with their own allocations? We currently do not, but do not want to close >>>>> the door on that in the future. Is this something easily updated in the >>>>> future? >>>>> >>>>> Answer this question in the Present.. (you don't have any so say >>>>> no)... no future door is closed due to this... this is just info asked / >>>>> collected for the upstream to be able to build their ACL filters.... (This >>>>> is also a flag for them to collect your BGP LOA's as well as your >>>>> Customers >>>>> to you..) >>>>> >>>>> >>>>> >>>>> This becomes a mute topic, if you are versed in using the Routing >>>>> Registry and maintaining your own Route Objects etc. >>>>> >>>>> >>>>> >>>>> 5. List all prefixes to be announced so that we can confirm the BGP >>>>> ACL prior to activation: We only have a /22, but we do want the option >>>>> down >>>>> the road to pull /24 from one provider if need be. Would we list the /24s >>>>> independently or the /22 as the aggregate? >>>>> >>>>> >>>>> >>>>> You want to ask them for the following:- >>>>> >>>>> >>>>> >>>>> xx.xx.xx.xx/22 please use the 'le 24' option with the filter. >>>>> >>>>> >>>>> >>>>> Note: this will have them build a filter that can accept larger >>>>> prefixes between 24 - 22, so it is not a 'specific' filter... >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> 6. MD5 Password: On this is it standard practice to use the same >>>>> password with all providers or different ones? >>>>> >>>>> >>>>> >>>>> Your choice... either way.... no big deal, as long as you keep track >>>>> of them. >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> If you only see yourself as part of the team but you don't see your >>>>> team as part of yourself you have already failed as part of the team. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >> > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. >
