North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: icmp rpf
- From: Jared Mauch
- Date: Tue Sep 26 14:47:06 2006
On Tue, Sep 26, 2006 at 01:41:52PM -0400, Patrick W. Gilmore wrote:
> For instance, how many networks are in full compliance with BCP38?
I've been working towards this on our network for some time
but have been hindered by vendor.. uhm, features^Wbugs. eg:
halving the TCAM with rpf enabled, one mode globally (loose vs strict)
and other challenges. It is hard to imagine that we'll reach that point
but that doesn't mean it's not a goal.
> Or are you arguing that since essentially no one is compliant, we
> should scrap the BCP?
> >But, you were correct that I wasn't asking the question
> >I really wanted answered. What I wanted to know was, among the
> >attentive nanog membership, which of you think and/or know that
> >any/all of those AS do loose RPF?
> >The motivation here is that, if asked last week, I would have guessed
> >that none of them run loose RPF. But at least one of them does.
> >The two answers, how many actually do plus whether everyone knew it,
> >will help me decide if I need to spend more time reading nanog email
> >and nanog proceedings (or actually go to a meeting), or not...
> Good question.
Well, digging out messages from archives....
These features have been available in some form since at
least 2002. That has given people at least a 4 year window
of time to consider how much to reduce the (quoting barry) "noise"
on the internet.
I recall hearing of various root-server operators about
what percentage of the packets they get they just can't respond
to. This noise has cost to the common infrastructure that is used
globally. You wouldn't believe which GTLD operator tried to spin up
some government agencies about how bad the reflector attacks were
to their infrastructure. It could be interpreted that they wanted
a government subsidy to cover these increased infrastructure costs
they would have to incur to handle the traffic.
This is just one example (recently) of what happens without
filters in-place. Not everyone on the list provides access to US
Gov't agencies, but if they changed their purchasing to only acquire
access from BCP38 compliant providers, would that impact the way you
did business? Would it get <insert-long-list-of-asns> to change their
network practices and hardware?
I think any reasonable (market based) approaches to help nudge
things in the right direction is better than if we were to hear the
dreaded "R" word. That would not be a good situation for most of us.
There are plenty that will advocate all sorts of positions, and it's
honestly up to us to do the right thing for the right reasons otherwise
we may see an even more imperfect solution come our ways.
Jared Mauch | pgp key available via finger from firstname.lastname@example.org
clue++; | http://puck.nether.net/~jared/ My statements are only mine.