> On Jan 31, 2019, at 1:28 PM, Roel Parijs <roel.par...@gmail.com> wrote:
> 
> For our BGP customers the problem is more complex. Our BGP customers can send 
> us the RTBH community, and we will drop the traffic at our borders. Since 
> we're only running a small network, we don't have the capacity to deal with 
> large attacks. If we would be able to forward (and maybe alter it) this RTBH 
> community towards our upstream providers, the impact on our network would be 
> limited. However, the RFC states that an announcement tagged with the 
> blackhole community should get the no_advertise or no_export community.
> 
> What is your opinion on this?
> 

In RFC7999 section 3.2 the first paragraph talks about what you're mentioning, 
NO_EXPORT and/or NO_ADVERTISE. It uses the word SHOULD. SHOULD has special 
meaning in RFCs, it's not MUST. It's also not MAY. RFC2119 talks about the way 
these words should be interpreted. 

In the next paragraph it says that extreme caution should be used when 
"purposefully propagating IP prefixes tagged with the BLACKHOLE community 
outside the local routing domain, unless policy explicitly aims at doing just 
that."

So if your local routing policy is to propagate those blackholes on to your 
upstreams (and it's mutually agreed and they're configured to accept them), then 
it can be done. Nothing technical in the RFC stopping that. 

Theo
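
The export decision discussed in this thread, modelled as an added example that is not part of the original messages and not any router's configuration language: a customer blackhole is passed to an upstream only when that upstream has agreed to accept it, and the tag is rewritten to the community that upstream expects. The ASNs, prefixes, upstream names, the upstream community value and the host-route-only rule are constructed assumptions.

```python
import ipaddress

# Well-known communities as (high, low) 16-bit pairs.
BLACKHOLE = (65535, 666)        # RFC 7999
NO_EXPORT = (65535, 65281)      # RFC 1997
NO_ADVERTISE = (65535, 65282)   # RFC 1997

# Constructed sample data (documentation ASNs and prefixes).
# Customer ASN -> prefixes that customer is authorized to announce to us.
CUSTOMER_PREFIXES = {64500: [ipaddress.ip_network("192.0.2.0/24")]}
# Upstream -> blackhole community it agreed to accept, None if no agreement.
UPSTREAM_RTBH = {"upstream-a": (64496, 666), "upstream-b": None}
# Assumed local policy: only host routes may be blackholed upstream.
HOST_LEN = {4: 32, 6: 128}


def export_to_upstream(prefix, communities, customer_asn, upstream):
    """Return the communities to send to `upstream`, or None to keep the
    blackhole local to our own network."""
    net = ipaddress.ip_network(prefix)
    if BLACKHOLE not in communities:
        raise ValueError("not an RTBH announcement")
    # The customer asked for local scope: never propagate.
    if communities & {NO_EXPORT, NO_ADVERTISE}:
        return None
    # Propagate only where the upstream mutually agreed to accept blackholes.
    upstream_community = UPSTREAM_RTBH.get(upstream)
    if upstream_community is None:
        return None
    # The customer may only blackhole address space it is authorized for.
    allowed = CUSTOMER_PREFIXES.get(customer_asn, [])
    if not any(net.version == p.version and net.subnet_of(p) for p in allowed):
        return None
    if net.prefixlen != HOST_LEN[net.version]:
        return None
    # Rewrite our BLACKHOLE tag to the community this upstream expects.
    return {upstream_community}


if __name__ == "__main__":
    for up in UPSTREAM_RTBH:
        print(up, export_to_upstream("192.0.2.10/32", {BLACKHOLE}, 64500, up))
```

A `None` result means the route is still dropped at the local borders but is not announced to that upstream.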
