Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: UUNet Offer New Protection Against DDoS

  • From: Alex Bligh
  • Date: Sat Mar 06 20:24:52 2004



--On 06 March 2004 23:02 +0000 Paul Vixie <vixie@vix.com> wrote:

ok, i'll bite.  why do we still do this?  see the following from June
2001:

http://www.cctec.com/maillists/nanog/historical/0106/msg00681.html
Having had almost exactly that phrase in my peering contracts for
$n years, the answer is because if you are A, and peer is B,

if ( A>B )
 your spoofed traffic comes (statistically) from elsewhere so you don't
 notice. You are dealing with traffic from C, where C>>A
else
 you've signed their peering agreement, and are 'peering' on their
 terms instead. Was I going to pull peering with $tier1 from whom
 the occasional DoS came? Nope.

The only way this was ever going to work was if the largest networks
cascaded the requirements down to the smallest. And the largest networks
were the ones for whom (quite understandably) rpf was most difficult.

DoS (read unpaid for, unwanted traffic) is one of the best arguments
against settlement-free peering (FX: ducks & runs).

Alex




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.