Hi,
On Sat, Oct 01, 2016 at 04:51:36PM +0200, Fredy Kuenzler wrote:
> To achieve this I think we need a collaborative community effort setting up a common procedure and define a BGP community with the effect "do not announce beyond Switzerland".
I think this is an awesome idea.
The situation is similar here in DE - nobody could stand a 1 Tbit DDoS attack, and a large number of content offerings are targeted only to German-speaking customers, so if DE/A/CH work, 99% of the customers are still able to reach the site.
I'm not really sure how this would work in your example - what if you have two customers in a given BGP announcement, one of them *does* want to be reached world-wide (like, corporate VPNs) and the other one is attacked? Split the aggregate, or bite the bullet and have all of them with limited reach, for the time being?
(We currently work this "the other way round" by using the "out of country" and "out of continent" blackhole communities offered by NTT - so the customer under attack would be announced as a "faraway RTBH" route - but this isn't good enough yet either, as not all transits offer this...)
Gert Doering -- NetMaster