OT: Black holes and BGP
From: Anthony Pace (anthonypace@fastmail.fm)
Date: Thu Sep 16 2004 - 14:12:09 GMT-3
Does anyone know of a mechanism, or troubleshooting methodology for
diagnosing a partial Internet Outage of INGRESS traffic?
My network is multi-homed to 2 ISP�s, which land on 2 separate routers
(which come in on 2 different ILEC's physical media). Each of these
routers peers with the respective ISP and each other. There is
flexibility to allow some address blocks to be advertised so that the
INGRESS traffic will arrive at one or the other ISP links (and PREPENDS
to the other ISP create an alternate route.)
This architecture is an automatic failover for loss of router, circuit,
or BGP session, but does nothing to protect against one of the providers
advertising one of our address blocks and "black holing" the traffic
(due to an outage or whatever). The world will not take the alternate,
longer AS-PATH route from the second provider so long as the "problem
provider" is announcing a more attractive route.
The solution requires a human intervention (once it is determined that
"some" people can't reach the address space.) I know there are services
that will monitor your Internet presence and notify you if parts of the
world are not able to reach you. I know there are public route servers,
which can be checked in the event a problem is suspected.
Does anyone know of a mechanism or a methodology that can be used in
such a scenario? I know there allot of smart people on this list and I
bet some of you have dealt with this exact scenario.
Sorry for the off topic post.
Anthony Pace CCIE 10349
--
Anthony Pace
anthonypace@fastmail.fm
This archive was generated by hypermail 2.1.4
: Fri Oct 01 2004 - 15:00:45 GMT-3