Where is the edge of the Internet? Re: no ip forged-source-address
sean at donelan.com
Mon Nov 4 23:18:21 UTC 2002
On Mon, 4 Nov 2002 bdragon at gweep.net wrote:
> What about the other large isps? What would it take for you to do
> something? Chris is gracious enough to show up and participate, at
> least even if it does mean he has to wear nomex.
I'm in favor of source address filtering at the edges.
I'm opposed to some of the suggestions where to put source address
filters, especially placing them in "non-edge" locations. E.g. requiring
address filters at US border crossings is a *bad* idea, worthy of an
official visit from the bad idea fairy.
Our networks, and our customer bases, are not identical. This is good
and bad. Not to make excuses, the ease with which this can technically be
done depends on your network and type of customer connections. Or more
precisely how you aggregate customer connections.
IMHO the edge is generally the best place to do source address filtering.
After traffic is aggregated it's more difficult. Some folks have already
identified the technical limitations of some types of equipment. And with
the market, we're going to be stuck with that equipment for a while. In
hindsight, if every provider and every equipment vendor did it from day 1,
we would be in great shape.
Does that mean I can wave my magic wand and fix everything tomorrow? No.
Can I work on standards, vendors and purchasing agents to change this over
time? Yes. Will yelling at me make it happen faster? I doubt it, but I
know you will anyway.