nanog mailing list archives
Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
From: Joe Provo <nanog-post () rsuc gweep net>
Date: Sun, 7 Mar 2004 22:03:01 -0500
On Sun, Mar 07, 2004 at 09:24:44PM -0500, Sean Donelan wrote:
On Mon, 8 Mar 2004, E.B. Dreger wrote:SD> They saw no _net_ savings. SD> SD> In the real world, it costs more to deploy and maintain SD> SAV/uRPF.
[snip] In the real word, there are different networks with different tools and different gear. In some networks, it is a flip of the switch, you are done, and can move on. The direct benefit to my network is eliminating a category of crap from it. I save having to deal with that category. Yes there is other crap, but reducing the workload... reduces the workload. [snip]
has correctly deployed SAV. Even if everyone deploys SAV/uRPF you never know when someone may misconfigure something, so you still have to keep doing everything you were doing.
You mean internally to the network? Config management must exist for a huge number of reasons. Drop the right knob in your standards and move on. I don't follow 'having to keep doing everything' when I have one less things to do.
In the mean time, you get to pay for the extra costs for deploying SAV/uRPF in addition to doing everything you were already doing.
I'm sorry your network has such huge costs for trivial changes that follow simple logic. Actually, I've lost track of how many tiers of soapboxes are involved here, so I'm not sure what level of hypothetical-vs-real this [sub]thread is tackling. I'll encourage my competators to let more crap on their networks. I'll take out the trash at the points where I can. -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
Current thread:
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS), (continued)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Christopher L. Morrow (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Steve Francis (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Steve Francis (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Laurence F. Sheldon, Jr. (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Dan Hollis (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) E.B. Dreger (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Joe Provo (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Henry Linneweh (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 08)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Ken Diliberto (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 07)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Avleen Vig (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS) Sean Donelan (Mar 06)
- Re: Source address validation (was Re: UUNet Offer New Protection Paul Vixie (Mar 06)