[isp-bgp] Re: Suggested solution to prevent my prefixes from being suppressed
mmostafa@... wrote:

> 3-The attacks are stopped after contacting our upstream provider to blackhole targeted IPs

Search for the real-time BGP blackhole routing techniques, and work with your upstream providers to get them to accept blackhole routes from you. This way, you can suppress the attacks much quicker (i.e. within 1-2 minutes, no phone call needed).

> Anyway, we are really working on stopping and detecting attacks with our ISP, but just put this away (suppose that there is a persisting problem in the submarine cables or something causing BGP Instability long-term problem) I need you to advise me with any suggestion to prevent my prefixes

Several suggestions:

1) Why are your BGP sessions flapping? BGP packets are normally precedence 6, and should in many cases pass through nearly any saturated link. Determining why they're flapping is probably a good thing to research first.

2) Adjust BGP timers to delay the interval until the session is restored. It's commonly believed that keeping your prefix DOWN on a given BGP session for perhaps several minutes is necessary to minimize dampening. Since the original flap withdrawal won't propagate through any single network at the same exact rate, having one network withdrawing your downward flap while another network is announcing your upward flap can greatly influence route churn and get you dampened in a hurry.

3) Check EVERY possible attribute on your announcements to make sure they're as identical as your routing policy allows. I had a customer add a second router to his network. Each router was creating an aggregate route to be announced to his two upstreams, but unbeknownst to him it was including an "(aggregated by x.x.x.x)" field that reflected the router's ID. As his prefix was withdrawn across the Internet, that field was oscillating between the values for R1 and R2, causing very high flap count.
Removing that attribute from his announcements gave him clean redundancy once again, along with the benefit of redundant routers.

4) You may want to consider disabling fast external failover if it's enabled. The loss of instant session reset in the event of link failure may be less than the gain of stable sessions and advertised prefixes.

pt
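An added illustration (not part of the original message or thread): a small Python model of route flap damping's exponential penalty decay, showing why the oscillating aggregator attribute in point 3 and closely spaced session flaps get a prefix suppressed while widely spaced flaps do not. The half-life, limits and per-event penalties are assumed, commonly cited router defaults; the event timings are constructed.

```python
import math

# Assumed damping parameters (commonly cited router defaults; not from the post).
HALF_LIFE_S = 15 * 60      # penalty halves every 15 minutes
SUPPRESS_LIMIT = 2000      # route is suppressed at or above this penalty
REUSE_LIMIT = 750          # suppressed route is reused once penalty decays below this
PENALTY = {"withdraw": 1000, "attr_change": 500}


def decay(penalty, elapsed_s):
    """Exponential decay of the accumulated penalty over elapsed_s seconds."""
    return penalty * 2 ** (-elapsed_s / HALF_LIFE_S)


def simulate(events):
    """events: time-ordered list of (time_s, kind). Returns a summary dict."""
    penalty, last_t = 0.0, 0
    suppressed, suppressed_at, peak = False, None, 0.0
    for t, kind in events:
        penalty = decay(penalty, t - last_t)
        if suppressed and penalty < REUSE_LIMIT:
            suppressed = False          # decayed enough between events to be reused
        penalty += PENALTY[kind]
        last_t = t
        peak = max(peak, penalty)
        if not suppressed and penalty >= SUPPRESS_LIMIT:
            suppressed = True
            if suppressed_at is None:
                suppressed_at = t
    reuse_at = None
    if suppressed:
        # Solve penalty * 2^(-dt/half_life) = REUSE_LIMIT for dt after the last event.
        reuse_at = last_t + HALF_LIFE_S * math.log2(penalty / REUSE_LIMIT)
    return {"peak": round(peak), "suppressed_at": suppressed_at, "reuse_at": reuse_at}


# Constructed scenarios (times in seconds).
# Point 3: the aggregator field alternates between R1 and R2 every 30 s.
AGGREGATOR_OSCILLATION = [(t, "attr_change") for t in range(0, 180, 30)]
# Session flapping once a minute versus one flap every 20 minutes.
RAPID_FLAPS = [(t, "withdraw") for t in range(0, 180, 60)]
SPACED_FLAPS = [(t, "withdraw") for t in range(0, 3600, 1200)]

if __name__ == "__main__":
    for name, ev in [("aggregator oscillation", AGGREGATOR_OSCILLATION),
                     ("rapid flaps", RAPID_FLAPS), ("spaced flaps", SPACED_FLAPS)]:
        print(name, simulate(ev))
```

With these assumed values, the prefix is suppressed two minutes into either rapid scenario and stays suppressed for roughly half an hour after the last event, while three flaps spaced 20 minutes apart never reach the suppress limit.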