Re: IXP

[Jeff Young <young () jsyoung net>]

Yeah,

You could count packets or you could forward them not both.
ACLs could crash everything.  Retrieving the config via SNMP
would crash a router.

I gotta get back into an ISP and get a new set of stories to tell.

jy

On Apr 18, 2009, at 10:29 PM, Deepak Jain wrote:

> Remember when you didn't want to put in ACLs because you'd blow out  
> the cpu on the router/card?
>
> Ahhhhh... That made networking fun!
>
> Deepak
>
> ----- Original Message -----
> From: Jeff Young <young () jsyoung net>
> To: Nick Hilliard <nick () foobar org>
> Cc: Paul Vixie <vixie () isc org>; nanog () merit edu <nanog () merit edu>
> Sent: Sat Apr 18 20:45:48 2009
> Subject: Re: IXP
>
> Best solution I ever saw to an 'unintended' third-party
> peering was devised by a pretty brilliant guy (who can
> pipe up if he's listening).  When he discovered traffic
> loads coming from non-peers he'd drop in an ACL that
> blocked everything except ICMP - then tell the NOC to
> route the call to his desk with the third party finally gave
> up troubleshooting and called in...
>
> fun memories of the NAPs...
>
> jy
>
>
> On Apr 18, 2009, at 11:35 AM, Nick Hilliard wrote:
>
> > On 18/04/2009 01:08, Paul Vixie wrote:
> > > i've spent more than several late nights and long weekends dealing
> > > with
> > > the problems of shared multiaccess IXP networks.  broadcast storms,
> > > poisoned ARP, pointing default, unintended third party BGP,
> > > unintended
> > > spanning tree, semitranslucent loops, unauthorized IXP LAN
> > > extension...
> > > all to watch the largest flows move off to PNI as soon as somebody's
> > > port was getting full.