White House to Propose System for Wide Monitoring of Internet (fwd)

Christopher L. Morrow chris at UU.NET
Fri Dec 20 22:13:53 UTC 2002


On Fri, 20 Dec 2002, batz wrote:

> On Fri, 20 Dec 2002, David Lesher wrote:
> :[This just jumped into the operational arena. Are you prepared
> :with the router port for John Poindexter's vacuum? What changes
> :will you need to make? What will they cost? Who will pay?]
> There is a really easy way to accomplish this, and it has been
> apparently partially implemented within UUNet as an overlaid
> network of GRE tunnels for a few years, at least based on a
> Nanog presentaton from October 1999.

This is incorrect, this isn't implemented, its not implementable, current
routing gear doesn't gre tunnel a) fast enough, b) at all.... HOWEVER,
juniper will allow you to copy packets on an interface in 5.5 or perhaps a
bit later code, this is one way to implement this... however having a new
oc-X for each oc-X you wanna monitor. I wonder if there is a limit to the
amount of fiber the OCS/NCS/NPIC wants to monitor?

> This can be accomplished quite cost effectively, provided the
> government doesn't want to archive *everything*.

even if the gre tunnel (Center Track (c) Robert Stone, et al.) idea worked
right and scaled correctly things would still be 'expensive'... to

> I keep mentioning this, and for some reason few people seem to
> recognize how profoundly simple it would be for the government
> to legislate themselves into exchange points and have
> the authority to announce certain prefixes to the IX, tunnel
> the traffic of the affected route into their own network,
> and monitor it without ever showing up in a traceroute.

Sure, or they could ask carriers to tap lines for them silently... in fact
they can do that today with a court order.


More information about the NANOG mailing list