North American Network Operators Group
Re: 69/8...this sucks -- Centralizing filtering..
- From: Joe Abley
- Date: Mon Mar 10 12:33:39 2003
On Monday, Mar 10, 2003, at 10:54 Canada/Eastern, Haesu wrote:
Since most service providers should be thinking about a sink hole network
for security auditing (and backscatter), why not have ONE place where you
advertise all unreachable, or better yet -- a default (ie everything NOT
learned through BGP peers), and just forward the packets to a bit bucket..
Which is better than an access list since, now we are forwarding packets
instead of sending them to a CPU to increase router load.

I don't think ARIN can help the situation. ISPs just need to remove the
access lists from each router in the network and centralize them.

I totally agree with you. However, as always, centralized systems, while
ease management and scalability, everything becomes a trust issue and a
single point of failure or source of problems...

I can think of two organisations which could probably take care of a
good chunk of the problem, if people were prepared to leave it up to
them. The routing system is already largely dependent on the
interoperability of bugs produced by these people, and so arguably no
additional trust would be required.

One organisation has a name starting with "j", and the other starts
with "c".
Joe