Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IPv6, IPSEC and DoS

  • From: Todd Vierling
  • Date: Mon Jan 03 17:00:55 2005

On Mon, 3 Jan 2005, Sean Donelan wrote:

> Not necessarily.  Some public networks are moving away from the ask
> everyone the question, anyone can answer model. It cuts down on the
> chatter, and the spoofing.  That doesn't mean you have to go to a static
> provisioning model, but it does mean you have to think harder about what
> you trust, what asks the questions and what answers the questions.

One example is the typical cable modem provider.  A DOCSIS modem is
provisioned with a MAC address known to the telco, and effectively creates a
virtual "port" on a huge switch^Whub with the modem's MAC as the port
identifier.

The MAC of the device behind the virtual port is then provisioned using some
sort of interface that detects and stores that MAC address as associated
with the modem.  At that point it's easy to automate the process and allow
packets from known MAC addresses through only their associated virtual
ports.

-- 
-- Todd Vierling <tv@duh.org> <tv@pobox.com>




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.