nanog mailing list archives
Re: Filter NTP traffic by packet size?
From: Brandon Butterworth <brandon () rd bbc co uk>
Date: Mon, 24 Feb 2014 00:26:21 GMT
What is the business model for the IX? Unauthorized filtering of incoming traffic risks collateral damage and outing exchange members seems problematic.I never proposed for them to filter.
What is missing is filtering at IXP not by IXP. Most transits have blackhole communities so you can drop the DoS through them but peers usually do not. You end up shutting peering so your transit will drop it for you, not ideal. We could agree per peer to do the same but with route servers and lots of peers a standard for community and acceptance of it would be handy. Obviously there is risk in doing this with (lots of) peers as they tend to be prefix limited, not address filtered. brandon
Current thread:
- Re: Filter NTP traffic by packet size?, (continued)
- Re: Filter NTP traffic by packet size? Saku Ytti (Feb 22)
- Re: Filter NTP traffic by packet size? Laszlo Hanyecz (Feb 20)
- Re: Filter NTP traffic by packet size? James R Cutler (Feb 20)
- Re: Filter NTP traffic by packet size? Phil Bedard (Feb 20)
- Re: Filter NTP traffic by packet size? Dobbins, Roland (Feb 20)
- Re: Filter NTP traffic by packet size? Dobbins, Roland (Feb 20)
- Re: Filter NTP traffic by packet size? Dobbins, Roland (Feb 20)
- Re: Filter NTP traffic by packet size? Harlan Stenn (Feb 21)
- Re: Filter NTP traffic by packet size? Dobbins, Roland (Feb 20)
- RE: Filter NTP traffic by packet size? Phil Bedard (Feb 23)
- Re: Filter NTP traffic by packet size? Brandon Butterworth (Feb 23)
- Re: Filter NTP traffic by packet size? Harry Hoffman (Feb 26)