The transit provider can spread this to all of their ingress points ensuring their network is not flooded further, and maybe even to their peers to push back further to the source of the traffic. So an ISP that can tell their peers and upstream transit providers not to send the traffic to them, for that one IP, can stay on-line. Even if the target is one IP, which is not always the case, the traffic can be crippling. This is all quite important for managing Denial Of Service (DOS) attacks. This helps avoid flooding the ingress points as the peer/transit is filtering in their network. The other is for an ISP to tag the route and announce to their peers, and transit, so that they do the same. It does not help much if the ingress is flooded though. This helps ensure packets arriving at any ingress are dropped immediately to mitigate damage. One is within their network, ensuring that their IBGP spreads the route and tags it so that each and every one of their routers knows not to route any traffic for the specified prefix. There are two key ways an ISP can use Blackhole routes. The prefix is usually one address (IPv4 /32 or IPv6 /128). The idea is that you can mark a route sent around by BGP that is "Do not route this", and just throw away any traffic to this prefix. Now, one of the most important community tags you can use is surprisingly not standardised. Where you have an AS number that fits in 16 bits it is common for the first 16 bits to be the AS that defines or uses the tag. They use them not only to identify where routes came in, but also to control how routes are handled in their network.Ī community tag is 32 bits and conventionally written as decimal 16 bits, colon, and decimal 16 bits. NTT (one of the big transit providers) have a great page on how they use communities, here.
Community tags are also often used in networks to tag from where the route came in to the network. There are a few that are standard and useful, such as limiting the announcements to the local AS. BGP is the protocol that distributes routes around the Internet, and one of the features of BGP is the "community tags" that can be attached to a route announcement.
0 kommentar(er)
