North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
- From: Joe Provo
- Date: Sun Mar 07 22:09:10 2004
On Sun, Mar 07, 2004 at 09:24:44PM -0500, Sean Donelan wrote:
> On Mon, 8 Mar 2004, E.B. Dreger wrote:
> > SD> They saw no _net_ savings.
> > SD>
> > SD> In the real world, it costs more to deploy and maintain
> > SD> SAV/uRPF.
In the real word, there are different networks with different
tools and different gear. In some networks, it is a flip of
the switch, you are done, and can move on.
The direct benefit to my network is eliminating a category of
crap from it. I save having to deal with that category. Yes
there is other crap, but reducing the workload... reduces the
> has correctly deployed SAV. Even if everyone deploys SAV/uRPF
> you never know when someone may misconfigure something,
> so you still have to keep doing everything you were doing.
You mean internally to the network? Config management must exist
for a huge number of reasons. Drop the right knob in your standards
and move on. I don't follow 'having to keep doing everything'
when I have one less things to do.
> In the mean time, you get to pay for the extra costs for deploying
> SAV/uRPF in addition to doing everything you were already doing.
I'm sorry your network has such huge costs for trivial changes that
follow simple logic. Actually, I've lost track of how many tiers
of soapboxes are involved here, so I'm not sure what level of
hypothetical-vs-real this [sub]thread is tackling.
I'll encourage my competators to let more crap on their networks.
I'll take out the trash at the points where I can.
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE