Download - BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

Transcript
Page 1: BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

BLACKHOLE BGP Communityfor Blackholing

T. King, C. Dietzel, J. Snijders,G. Doering, G. Hankins

Page 2: BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

Motivation: The Problem: Massive DDoS

Network B

#2

Network A

Page 3: BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

Motivation: A Solution: Blackholing

Network B

#3

Network A

BGP:More Specific Blackhole Announcement

Page 4: BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

Motivation: Different Triggers for Blackholing

• Different triggers for Blackholing at IXPs (selection):

• Different triggers for Blackholing at ISPs (selection):

• Proposal: One commonly agreed way to trigger Blackholing at IXPs and ISPs -> Internet Draft

#4

Blackhole IP Address: FRA: 80.81.193.66, NY: 206.130.10.66 Blackhole Community: 65499:999Blackhole Community: 0:666Fenix: RTBHBlackhole Community: 29535:666

• DE-CIX Apollon• Netix• MSK-IX.ru• NIX.CZ• TPIX.pl

Policy control at route servers

• Init7:• Team Cymru:• Hurrican Electric:• NTT:

Blackhole Community: 65000:666Blackhole Community: 64496: 666Blackhole Community: 6939:666Blackhole Community: 2914:666

Page 5: BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

Evolution

2014:• Euro-IX tech mailing list: Commonly agreed Blackhole

community• 25th Euro-IX Forum: Presentation and panel about Blackholing• Work on an “Internet Draft” started

2015:• Discussion on the GROW mailing list and during the IETF 93• Requests from Euro-IX and GROW:

– Also cover ISPs– Be more specific about “Operations Recommendations”

#5

Page 6: BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

Current Status

GROW WG:• Requests from IETF 93 / Euro-IX:

1. Also cover ISPs and not only IXPs: Job Snijders (NTT) committed himself to contribute which he perfectly did

2. Add more “Operations Recommendations”:• Local scope: NO_ADVERTISE / NO_EXPORT• Accepting blackholed IP prefix: Length of prefixes, more specific• IXPs: Peering at route servers: Policy control, next-hop IP address

• Version 01 of the “Internet Draft” released (above requests applied)

• No unresolved comments/requests I am aware of• Working group adaption? Done.

#6

Page 7: BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

Next Steps

• We need more feedback -> Release new versions: Repeat

• Last Call is planned before IETF 94

#7

Page 8: BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

Feedback / Comments / Questions

Please provide feedback:https://tools.ietf.org/html/draft-ymbk-grow-blackholing-01

#8


Top Related

Blackhole Networks - an Underestimated Source for ......Blackhole Networks an Underestimated Source for Information Leaks Alexandre Dulaunoy CIRCL - TLP:WHITE Team CIRCL - Team Restena

Blackhole Networks - an Underestimated Source for ......Blackhole Networks an Underestimated Source for Information Leaks Alexandre Dulaunoy CIRCL - TLP:WHITE Team CIRCL - Team Restena

Blackhole Energy

Blackhole Energy

The Telehealth Adoption Blackhole - Milton Chen, VSee - TFSS

The Telehealth Adoption Blackhole - Milton Chen, VSee - TFSS

Solution of Blackhole Attack Good Ppt

Solution of Blackhole Attack Good Ppt

Stars & blackhole

Stars & blackhole

Blackhole critical behaviour with thegeneralized BSSN ... · arXiv:1508.01614v2 [gr-qc] 18 Oct 2015 Blackhole critical behaviour with thegeneralized BSSN formulation Arman Akbarian1

Blackhole critical behaviour with thegeneralized BSSN ... · arXiv:1508.01614v2 [gr-qc] 18 Oct 2015 Blackhole critical behaviour with thegeneralized BSSN formulation Arman Akbarian1

BGP Blackholing Project - RIPE 68 · 4 BGP blackholing project ! We're experimenting with the QoS policy propagation with BGP ...and with BGP FlowSpec thanks to IOS-XR implementation

BGP Blackholing Project - RIPE 68 · 4 BGP blackholing project ! We're experimenting with the QoS policy propagation with BGP ...and with BGP FlowSpec thanks to IOS-XR implementation

A First Joint Look at DoS Attacks and BGP Blackholing in ... · BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to achieve DoS mitigation.

A First Joint Look at DoS Attacks and BGP Blackholing in ... · BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to achieve DoS mitigation.

Languages
Pages
Legal

Copyright © 2022 FDOCUMENTS