[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Tier1 blackholing policy?

Subject: Tier1 blackholing policy?
From: schmid at dfn.de (Thomas Schmid)
Date: Tue, 30 Apr 2013 16:31:57 +0200

Greetings,

I know Tier1s are blackholing traffic all the time :) (de-peering, 
congestion etc.)
but did it became a new role for Tier1s to go from transit provider to
transit blocker?

We received recently customer complaints stating they can't reach 
certain websites.
Investigation showed that the sites were not reachable via Tier1-T, but 
fine via
Tier1-L. I contacted Tier1-T and the answer was something like "yeah, 
this is a known phishing
site and to protect our customers we blackhole that IP" (btw - it was 2 
ASes away from Tier1-T).

Huh? If I want to block something there, it should me my decision or 
that of my country's legal
entities by court order and not being decided by some Tier1's 
intransparent security department.
(Not even mentioning  words like 'CGN', 'legal', 'net neutrality' or 
'censorship') This might be
an acceptable policy for a cable provider but not for a Tier1.

Haven't seen something like this in many years. Did I miss a 
pardigm-shift here and has this
become a common "service" at Tier1s?

    Thomas


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4589 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130430/b7412865/attachment.bin>

Follow-Ups:
- Tier1 blackholing policy?
  - From: ml at kenweb.org (ML)
- Tier1 blackholing policy?
  - From: jlewis at lewis.org (Jon Lewis)
- Tier1 blackholing policy?
  - From: bill at herrin.us (William Herrin)

Prev by Date: Office 365 broken on ipv6
Next by Date: Office 365 broken on ipv6
Previous by thread: Office 365 broken on ipv6
Next by thread: Tier1 blackholing policy?
Index(es):
- Date
- Thread