At 8:11 +0100 14/3/02, Christian Panigl, ACOnet/VIX/UniVie wrote:
Date: Thu, 14 Mar 2002 09:46:43 +1000 From: Philip Smith <pfs@cisco.com>
b) Loss of the service in the midst of a DoS attack.
I don't see why this is relevant. The idea is that the ISP taking the feed would build an access-list of denied networks probably on a daily basis, or however often they consider necessary. Pretty much as some ISPs build their BGP filters from the IRR at the moment.
Hi Philip et al,
I was wondering for a while what I should do with this BGP feed of unallocated prefixes ... Now, after Philip has made it clear, why aren't we simply putting those prefixes in the IRRs (e.g. as a route-set, or simply as routes with a specific/reserved origin-AS) and let interested ISPs use their usual (RA)toolset to build filters at their regular schedules ?
Also a possibility. If people see value in this we can even do both. I believe some people were thinking about setting a BGP peering with a "zebra" type process and generate the filters from there, using a separate and contained data set. I hope no one would plug this stuff directly into their border routers without performing some sanity checking first. Joao --