nanog mailing list archives
Re: Things to do to make the network better
From: Morten Reistad <mrr () norway eu net>
Date: Thu, 08 Jan 1998 14:24:36 +0100
In message <Pine.LNX.3.95.980107222357.167l-100000 () inorganic5 fdt net>, Jon Lewis writes:
> On Wed, 7 Jan 1998, Morten Reistad wrote:
>
>> I am network manager for a pretty much medium-sized ISP, with around 1700 internal network blocks; 600 of which come from dynamic sources. (RADIUS; various routing protocols). Given that a stock router will run out of filter lists long before the 600 mark I see major scaling problems here. (Outside of our network we show around 30 BGP network
>
> You need to do this as close to the edge as possible. Do you have routers with 600 customer links directly connected? If you did, then it might only be feasible to require that your customers filter their traffic such that they cannot send bogus source traffic to you...and have stiff penalties in their service contracts for failure to maintain such filters.

We have routers with ISDN PRI links, where the routing information arrives from RADIUS via a CHAP login. There are 600 routed objects in the RADIUS database, as well as 10k+ non-routed (dynamic IP) objects. Every ISDN router therefore has a potential 600 directly attached neighbors; although no router has more than 60 links at any one time. Some common equipment may handle this just barely; other is wholly inadequate.

We DO filter on the other edge too (towards peering partners). We currently have approx 10 megabit worth of external traffic in two locations; and filtering works. I doubt we can do this with 10 times this traffic.

Because of this filtering, spoofing will be between clients that have a contractual relationship with us; and we can easily go after them in the judicial system; and we have this covered in the contracts. All routers we ship have anti-spoofing filterlists configured too, but we only have such a relation to around half of our customers.

My point is that both approaches have huge scaling problems; easily evident for a medium-size ISP. (Although we are part of EUnet International the national operations are pretty autonomous). If things are this evident for us, it must be a nightmare for the bigger ISPs with lots more routed objects.

I would appreciate some thought on how to address this issue on a bigger scale.

> ------------------------------------------------------------------
> Jon Lewis <jlewis () fdt net> | Unsolicited commercial e-mail will
> Network Administrator | be proof-read for $199/message.
> Florida Digital Turnpike |
> ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____

--
Morten Reistad, Network Manager
EUnet Norway AS, Sandakerveien 64, Oslo
<Morten.Reistad () Norway EU net>
Connecting Europe since 1982
phone +47 2209 2940
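
The per-link anti-spoofing check discussed in this message, as an added illustration that is not from either poster: the source filter for a dial-up link is built at login from the same prefixes the RADIUS reply routes to that link, so filter state follows active links rather than all routed objects. The user names, link names and prefixes are constructed, and delivery of the prefixes via the RADIUS Framed-Route attribute is an assumption.

```python
import ipaddress

# Constructed sample of "routed objects": user -> prefixes a RADIUS reply
# would route to the link at login (assumed: carried in Framed-Route).
ROUTED_OBJECTS = {
    "cust-a": ["192.0.2.0/28"],
    "cust-b": ["198.51.100.0/24", "203.0.113.64/26"],
    "cust-c": ["192.0.2.128/25"],
}


class AccessRouter:
    """One source filter per active link, built at login, removed at logout."""

    def __init__(self):
        self.links = {}  # link id -> list of permitted source networks

    def login(self, link, user):
        # The filter is derived from the routes installed for this session.
        self.links[link] = [ipaddress.ip_network(p) for p in ROUTED_OBJECTS[user]]

    def logout(self, link):
        self.links.pop(link, None)

    def permit(self, link, src):
        # Fail closed: a link with no session has no permitted sources.
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.links.get(link, []))

    def filter_entries(self):
        # Entries held right now; bounded by active links, not by the database.
        return sum(len(nets) for nets in self.links.values())


if __name__ == "__main__":
    router = AccessRouter()
    router.login("pri0/3", "cust-b")
    router.login("pri0/4", "cust-a")
    for link, src in [("pri0/3", "198.51.100.7"),   # inside cust-b's prefix
                      ("pri0/3", "192.0.2.5"),      # cust-a's space on cust-b's link
                      ("pri0/4", "192.0.2.5")]:     # same address on the right link
        print(link, src, "permit" if router.permit(link, src) else "drop")
    print("filter entries held:", router.filter_entries())
```
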