peering requirements (Re: DDOS anecdotes)

• Previous message (by thread): peering requirements (Re: DDOS anecdotes)
• Next message (by thread): DDOS anecdotes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 14:52 26/06/01 -0700, Paul A Vixie wrote:

> >   o source filtering at high bandwidth
>
>i consider this nonsoluable.  some routers can already do it, but making the
>ownership and deployment of such routers be the minimum price of entry into
>the peering game is a fatal nonstarter of an idea.  and the infrastructure
>for expressing netblock ownership in a way that could be used to build
>accurate and reliable filters (assuming the routers could load such filters
>and act on them at wire speed) isn't there.  i think this way lies madness.
>
>source filtering is an edge problem, at current technology levels.  but how
>to ensure that other people do it at THEIR edge is a separate problem from how
>to do it at YOUR edge.  the former is social/economic, the latter is 
>technical.

I have found a fairly easy way to make this start happening.  When putting 
out an RFI/RFP for some Internet connectivity/Web hosting/VPN/etc.  - in 
addition to putting in the obvious rtt minimums, SLAs, OC-48 backbones, 
24x7 NOCs, etc. I have started to include the following:

- anti-spoofing source filtering

Even if the ISP can't do it - the sales and marketing people are now 
driving the change process.  The more RFI/RFPs that ISPs see that contain 
such a mandatory section, the more the network will become a better place 
to live.  There are more than enough consultants/people on this list that 
can drive this process very quickly.

-Hank

PS I also include "human response to abuse@ email within 24 hours" :-)

• Previous message (by thread): peering requirements (Re: DDOS anecdotes)
• Next message (by thread): DDOS anecdotes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]