nanog mailing list archives
Re: BCP38 making it work, solving problems
From: Michael.Dillon () radianz com
Date: Thu, 14 Oct 2004 11:48:24 +0100
At 12:01 PM 10/13/04 +0200, Iljitsch van Beijnum wrote:Trusting the source when it says that its packets aren't evil might be sub-optimal. Evaluation of evilness is best left up to the receiver.Likely true. Next question is whether the receiver can really determine that in real time. For some things, yes, but for many things it is not
as
obvious to me.
Correct me if I'm wrong here, but my interpretation of this suggestion was not that we should trust the source to mark packets but that we should trust our peers to mark packets. This seems to be something that is workable since most people have a manageable number of peers. Presumably each peer could mark the traffic based on what they know about their customer's network. If a customer follows all best practices, they mark it with the non-evil bit, otherwise not. If truly evil traffic is coming in from a peer, then one could apply mitigating actions only to traffic that is not marked non-evil, either blackholing it all or diverting it to a router that will perform complex filtering or heavily rate limiting it. It seems to me that really addressing DDOS, botnets, etc., requires network operators to agree on some sort of common coordinated action and using a network protocol to communicate about this coordinated action would be very useful. This doesn't mean that the non-evil bit is the only way, but the idea of network operators marking traffic in some way to indicate their level of confidence in its normality seems to be worth pursuing. It seems to be the natural progression of projects like the selection found at cymru.com. --Michael Dillon
Current thread:
- Re: aggregation & table entries, (continued)
- Re: aggregation & table entries Christopher L. Morrow (Oct 14)
- Re: aggregation & table entries Paul Vixie (Oct 15)
- Re: aggregation & table entries Christopher L. Morrow (Oct 15)
- Re: aggregation & table entries Paul Vixie (Oct 15)
- Re: aggregation & table entries Christopher L. Morrow (Oct 15)
- Re: BCP38 making it work, solving problems Joe Maimon (Oct 11)
- Re: BCP38 making it work, solving problems Iljitsch van Beijnum (Oct 13)
- Re: BCP38 making it work, solving problems Fred Baker (Oct 13)
- Re: BCP38 making it work, solving problems Michael . Dillon (Oct 14)
- Re: BCP38 making it work, solving problems bmanning (Oct 14)
- Re: BCP38 making it work, solving problems Iljitsch van Beijnum (Oct 14)
- Re: BCP38 making it work, solving problems Paul Vixie (Oct 13)
- Re: BCP38 making it work, solving problems Randy Bush (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 20)