nanog mailing list archives

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)


From: Joe Provo <nanog-post () rsuc gweep net>
Date: Sun, 7 Mar 2004 22:03:01 -0500


On Sun, Mar 07, 2004 at 09:24:44PM -0500, Sean Donelan wrote:
On Mon, 8 Mar 2004, E.B. Dreger wrote:
SD> They saw no _net_ savings.
SD>
SD> In the real world, it costs more to deploy and maintain
SD> SAV/uRPF.
[snip]

In the real world, there are different networks with different 
tools and different gear.  In some networks, it is a flip of 
the switch, you are done, and can move on.

The direct benefit to my network is eliminating a category of
crap from it. I save having to deal with that category. Yes
there is other crap, but reducing the workload... reduces the
workload. 

[snip]
has correctly deployed SAV.  Even if everyone deploys SAV/uRPF 
you never know when someone may misconfigure something, 
so you still have to keep doing everything you were doing.

You mean internally to the network? Config management must exist 
for a huge number of reasons. Drop the right knob in your standards
and move on.  I don't follow 'having to keep doing everything'
when I have one less thing to do.

In the meantime, you get to pay for the extra costs for deploying
SAV/uRPF in addition to doing everything you were already doing.
 
I'm sorry your network has such huge costs for trivial changes that
follow simple logic.    Actually, I've lost track of how many tiers
of soapboxes are involved here, so I'm not sure what level of 
hypothetical-vs-real this [sub]thread is tackling. 

I'll encourage my competitors to let more crap on their networks.
I'll take out the trash at the points where I can.
 

-- 
             RSUC / GweepNet / Spunk / FnB / Usenix / SAGE

