nanog mailing list archives

Re: Yahoo! Lessons Learned


From: Wayne Bouchard <web () typo org>
Date: Thu, 10 Feb 2000 00:06:10 -0700 (MST)



At Tuesday 11:01 PM 2/8/00 , Daniel Senie wrote:

Please refer to RFC2644/BCP34 on the subject of directed broadcasts.
This RFC recommends router vendors disable directed broadcasts by
default. It also recommends ISPs disable directed broadcast on ALL
routers. In light of the recent events, it would be good to see a
concerted effort made by everyone to ensure this has been done.

I recall that SprintLink had some, uhm, plans to put ingress (and
egress?) filters on all interfaces facing dedicated customers that
were not multi-homed. This came after realization that education of
the end-user was a fruitless and herculean task: Network smarts
are virtually non-existent in IT departments, and even loads of
smaller ISPs everywhere. Whatever became of this project?

If you sell a customer a circuit and they do nothing more than default
to you with address space you provide, this is easy. If a customer
talks BGP to you and you require them to submit prefixes to you for
filtering (which should generally be the policy if you want any kind
of protection against having 7 copies of the internet routing tables
in your network), this is also easy. You already know which netblocks
can be sourced from that connection. If the CPU can handle it, there
is no good reason not to do it.

----------------------------------------------------------------------
Wayne Bouchard                                    [Immagine Your    ]
web () typo org                                      [Company Name Here]
Network Engineer

----------------------------------------------------------------------
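
The point made in the message above, that the prefix list a customer submits for BGP route filtering already tells you which source addresses may arrive on that connection, as an added example that is not part of the original message. The customer prefixes (documentation ranges), the packet samples and the ACL number 101 are constructed assumptions; the rendered lines use Cisco IOS extended ACL syntax.

```python
import ipaddress

# Constructed sample: prefixes a hypothetical customer registered for BGP
# route filtering (documentation ranges, not real allocations).
CUSTOMER_PREFIXES = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"]


def build_source_filter(prefixes):
    """Collapse registered prefixes into the minimal set of permitted source networks.

    strict=True rejects entries with host bits set (e.g. 198.51.100.1/24),
    so a mistyped registration fails loudly instead of widening the filter.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def source_permitted(src, permitted):
    """True if a packet's source address falls inside a registered prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in permitted)


def render_acl(permitted, number=101):
    """Render the filter as IOS-style extended ACL lines using wildcard masks."""
    lines = [
        f"access-list {number} permit ip {net.network_address} {net.hostmask} any"
        for net in permitted
    ]
    # Everything else sourced from this customer port is spoofed or misconfigured.
    lines.append(f"access-list {number} deny ip any any log")
    return lines


def audit(packets, permitted):
    """Return the source addresses the ingress filter would drop."""
    return [src for src, _dst in packets if not source_permitted(src, permitted)]


if __name__ == "__main__":
    permitted = build_source_filter(CUSTOMER_PREFIXES)
    print("\n".join(render_acl(permitted)))
    # Constructed (source, destination) pairs seen on the customer-facing interface.
    sample = [("203.0.113.9", "192.0.2.1"), ("10.1.2.3", "192.0.2.1")]
    print("would drop:", audit(sample, permitted))
```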
