7 Jul
2023
7 Jul
'23
5:05 p.m.
Here the problem is "for longer defensive prefixes" For example in normal situation I advertise /32 to my ip transit providers. When DDoS happens then one of my providers will start advertisin 1x/48 of my /32 prefix to hi-jack the route from us and filter it.
i did not say that your provider advertised, did i?
By doing this the internet will always (also under normal circumstances) prefer that one provider.
0 - register irr and rpki objects for aggregates and for longer defensive prefixes
1 - announce only aggregates to both providers
2 - when ddosed, - do not change announcement of aggregate to non-mediating - deaggregate announcement to mediating provider
3 - when ddos ends, return to state 1
randy