It's just the most efficient and visible way for us to do it, it's not the only way. Here's a couple of reasons why we like it:
1. It's scripted so you don't have to think about it at 3am.
2. The rest of the team can see it happening in realtime so you don't have to explain what you're doing via a side channel. They can see it happening.
3. It doesn't require specialized knowledge of routing to enable it. If the on-call engineer sees an attack and calls someone for guidance, it's super easy to tell them "type /mitigation enable" for instance.
4. Of course we can run the exact same script or login to our routers and manually change our BGP announcements if we need to.
Why wouldn't they do this? They presumably want someone to look at the attack before engaging the protection, and I'm sure not all of their staff is able to make network changes. If they've got it automated to the point where a single command can do it, what does it matter via what method they use?
If they're all in Campfire anyway, there's no overhead here.
1. It's scripted so you don't have to think about it at 3am.
2. The rest of the team can see it happening in realtime so you don't have to explain what you're doing via a side channel. They can see it happening.
3. It doesn't require specialized knowledge of routing to enable it. If the on-call engineer sees an attack and calls someone for guidance, it's super easy to tell them "type /mitigation enable" for instance.
4. Of course we can run the exact same script or login to our routers and manually change our BGP announcements if we need to.