nanog mailing list archives
Re: NSPs and filters
From: alan () mindvision com (Alan Hannan)
Date: Sat, 12 Jul 1997 23:53:51 -0500 (CDT)
jl> I'm not saying UUNet should install whatever filters I want on their jl> routers. I'm just saying the net would be a MUCH nicer place if NSP's all jl> did ingress filtering on their customer connections. If current routers jl> can't handle the load this would create, then NSP's need to find vendors jl> willing to deliver the necessary power, or they need to rethink the way jl> they design their networks. randy> Most of my customers have customers who in turn have randy> customers, not a few of whom are multi-homed. Same for randy> UUNET, ... randy> So, at POP X, I take in maybe 100 prefixes, with maybe 1000 randy> at some POPs. How do I build and maintain that filter list, The same way you build and maintain routing filter lists for the prefixes you take in. You do use routing filter lists, don't you? It should be the same list of networks. randy> and how long does it take each packet to get through it with randy> a router that also does real routing? Therein lies the argument. Do the huddled masses want things that move packets or things that make judgements on them? Difficult to have both. I don't think the world is yet able to technically support security within the infrastructure that provides transit. It needs to be at a separate layer, or on the fringe. The economies of today's customer aggregation routers do not allow a person to invest in that functionality inherent in the router. (yes, they could, but that cuts into the company's bottom line, and as there really isn't that big of an outcry or decrement in QOS of the company's IP product, why would they?) Accordingly, one must rely upon reactionary security folk to track down the attacks of bogus packets. Significant investment should be made and supported in building automated response systems and scripts. Should the USPS forbid mail with bad return addresses? -alan
Current thread:
- Re: NSPs and filters, (continued)
- Re: NSPs and filters ice9 (Jul 12)
- Re: NSPs and filters Phil Howard (Jul 12)
- Re: NSPs and filters Jon Lewis (Jul 12)
- Re: NSPs and filters Deepak Jain (Jul 12)
- Re: NSPs and filters Adrian J Bool (Jul 13)
- Re: NSPs and filters Phil Howard (Jul 12)
- Re: NSPs and filters Jon Lewis (Jul 12)
- Re: NSPs and filters Randy Bush (Jul 12)
- Re: NSPs and filters Jon Lewis (Jul 12)
- Re: NSPs and filters Dorian R. Kim (Jul 13)
- Re: NSPs and filters Sean M. Doran (Jul 14)
- Re: NSPs and filters ice9 (Jul 12)
- Re: NSPs and filters Daniel Senie (Jul 13)
- Re: NSPs and filters Dorian R. Kim (Jul 13)