nanog mailing list archives

Re: Filter NTP traffic by packet size?


From: Brandon Butterworth <brandon () rd bbc co uk>
Date: Mon, 24 Feb 2014 00:26:21 GMT

What is the business model for the IX? Unauthorized filtering of
incoming traffic risks collateral damage and outing exchange members
seems problematic.

I never proposed for them to filter.

What is missing is filtering at IXP not by IXP.

Most transits have blackhole communities so you can drop the DoS
through them but peers usually do not. You end up shutting peering so
your transit will drop it for you, not ideal.

We could agree per peer to do the same but with route servers and lots
of peers a standard for community and acceptance of it would be handy.

Obviously there is risk in doing this with (lots of) peers as they tend
to be prefix limited, not address filtered.

brandon
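
An added example, not part of the message above or of any exchange's configuration: a sketch of the import check a peer would need before honouring blackhole-tagged routes from other peers, showing why a prefix limit alone is not enough. The community value (RFC 7999 BLACKHOLE, 65535:666), the length policy, the AS numbers and the prefixes are all assumptions made for the illustration.

```python
import ipaddress

BLACKHOLE = (65535, 666)  # RFC 7999 BLACKHOLE community; the post names no value
HOST_LEN = 32             # assumed policy: blackhole requests must be IPv4 host routes
MAX_NORMAL_LEN = 24       # assumed policy: longest ordinary prefix accepted

# Constructed data: address space each peer AS is registered to announce.
PEER_PREFIXES = {
    64500: ["192.0.2.0/24"],
    64501: ["198.51.100.0/24"],
}


def covered(peer_as, net):
    """True if net lies inside address space registered to peer_as."""
    return any(net.subnet_of(ipaddress.ip_network(p))
               for p in PEER_PREFIXES.get(peer_as, []))


def import_decision(peer_as, prefix, communities, address_filtered=True):
    """Return 'blackhole', 'accept' or 'reject' for one announcement from a peer.

    address_filtered=False models a session protected only by a prefix limit,
    where the announced addresses are never checked against the peer's own space.
    """
    net = ipaddress.ip_network(prefix)
    if net.version != 4:
        return "reject"  # this sketch handles IPv4 only
    owned = covered(peer_as, net) if address_filtered else True
    if BLACKHOLE in communities:
        # Honour a drop request only for a host route inside the peer's own space.
        if net.prefixlen == HOST_LEN and owned:
            return "blackhole"
        return "reject"
    if net.prefixlen <= MAX_NORMAL_LEN and owned:
        return "accept"
    return "reject"


if __name__ == "__main__":
    # AS64501 asks for a drop on an address that belongs to AS64500.
    for filtered in (True, False):
        print(filtered,
              import_decision(64501, "192.0.2.10/32", [BLACKHOLE], filtered))
```

With the address filter in place the foreign request is rejected; with only a prefix limit it is installed as a blackhole for someone else's address.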

