Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP rate limiting on EGRESS (Warning, operational content inside)

  • From: Alex Bligh
  • Date: Mon Jan 17 11:38:08 2000

Sean Donelan wrote:
> Or is this a case, if we had thought about it, we would have prohibited
> it at the start; but now its in the wild we don't know how to get it back
> in the barn.

Mmmm... we got onto this argument by someone implying we wouldn't need
this sort of defensive technique (ICMP rate limiting on egress)
if source-spoofed weren't transmittable (or weren't widely transmittable).

I agree. However as you are demonstrating, whilst getting to this
utopia would be great, getting there will take a long time. I'm sure
we *might* also fix DoS attacks using some sort of interprovider MPLS
or like to provide QoS negotiation (and that'll also give you non-destination
based routing) .... and I bet that even if this could
be got to work, it would take even longer.

In the mean time, ICMP rate limiting is here now and deployable for
most people at these exchangepoints today.

-- 
Alex Bligh
GX Networks (formerly Xara Networks)







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.