nanog mailing list archives

Re: IXP

From: Paul Vixie <vixie () isc org>
Date: Sat, 18 Apr 2009 21:12:24 +0000

Date: Sat, 18 Apr 2009 13:17:11 -0400
From: "Steven M. Bellovin" <smb () cs columbia edu>

On Sat, 18 Apr 2009 16:58:24 +0000
bmanning () vacation karoshi com wrote:

    i make the claim that simple, clean design and execution is
best. even the security goofs will agree.


"Even"?  *Especially* -- or they're not competent at doing security.


wouldn't a security person also know about

        http://en.wikipedia.org/wiki/ARP_spoofing

and know that many colo facilities now use one customer per vlan due
to this concern?  (i remember florian weimer being surprised that we
didn't have such a policy on the ISC guest network.)

if we maximize for simplicity we get a DELNI.  oops that's not fast
enough we need a switch not a hub and it has to go 10Gbit/sec/port.
looks like we traded away some simplicity in order to reach our goals.

Current thread:

Re: IXP, (continued)
- - - Re: IXP Daniel Roesen (Apr 17)
    - Re: IXP Randy Bush (Apr 17)
    - Re: IXP Matthew Moyle-Croft (Apr 17)
    - RE: IXP Deepak Jain (Apr 17)
    - Re: IXP Stephen Stuart (Apr 17)
    - Re: IXP Paul Vixie (Apr 18)
    - Re: IXP bmanning (Apr 18)
    - Re: IXP Paul Vixie (Apr 18)
    - Re: IXP bmanning (Apr 18)
    - Re: IXP Steven M. Bellovin (Apr 18)
    - Re: IXP Paul Vixie (Apr 18)
    - Re: IXP bmanning (Apr 18)
    - Re: IXP Jack Bates (Apr 18)
    - Re: IXP Dale Carstensen (Apr 18)
    - Re: IXP Steven M. Bellovin (Apr 18)
    - Re: IXP Paul Ferguson (Apr 18)
    - Re: IXP Roland Dobbins (Apr 18)
    - Re: IXP Sean Donelan (Apr 19)
    - Re: IXP Stephen Stuart (Apr 18)
    - Re: IXP Bill Woodcock (Apr 18)
    - Re: IXP Paul Vixie (Apr 23)

(Thread continues...)