Where is the edge of the Internet?

Martin marty at supine.com
Tue Nov 5 08:12:59 UTC 2002


alok wrote:
> 
> they will charge you a whopping sum for that "picking places" bit ;o)
> ... I agree that the best place to actually address such scenarios is the
> "backbone"/"peering points"/"borders" where all traffic is seen, rather than
> go around tinkering at all edges, but I don't know how RPF would address the
> asymmetry there. But at the edges, deployment cost is a problem, I
> think. Don't ask me if I have a better idea :o) I would be writing a paper
> if I did.

I'd disagree with your choice of places:

backbone - the core is the last place I'd be putting filtering

peering points / borders - the router needs a full table (asymmetry /
reachable-via any) and has to be beefy enough to handle the extra load of
filtering.

The places to go after are (IMHO in this order):

- routers immediately upstream of dial-in pools, cable headends, etc.
  (strict filtering)
- routers aggregating customer circuits (strict filtering)
- peering / transit circuits (loose filtering)

> because the destination network is there... it's still a viable config,
> isn't it, in case of asymmetric uplinks and downlinks? What stops you from
> "not having a route to the source", as routing is destination IP based?
> Some particular network may be covered with 0.0.0.0/0 for example and you
> may have no routing entry for it, or you could be having a customer who
> uplinks a particular network segment via your ISP but doesn't advertise his
> network to you as he actually downlinks that network from somewhere
> else. Nothing to stop that topology either, right?

A default route is still a route (you may need to configure "allow-default").

I don't think you grasp the idea of "reachable-via any", which allows you to
filter only if there is no route for the source address in the entire table,
allowing for asymmetry in the network.

If the router can't return a response or ICMP packet to the source, why
bother with the packet? If the router doesn't have a full table and no
default route, then it just isn't a smart place to filter (and a very extreme
corner case).

marty

--
I'm not here. This isn't happening.

"How to Disappear Completely" - Radiohead
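As an added illustration (not part of marty's or alok's posts), the following Python model walks through the two uRPF behaviours argued about above: strict mode (the Cisco IOS keyword is reachable-via rx) requires the best route back to the source to leave via the interface the packet arrived on, while loose mode (reachable-via any) only requires that some route to the source exist, and a 0.0.0.0/0 route counts as a route in either mode only when allow-default is set. The routing tables, interface names and addresses are constructed for the example (RFC 5737 documentation prefixes); they are not taken from any real network.

```python
"""Toy model of unicast RPF (uRPF) source checks: strict vs loose, with/without allow-default.

Added example for the NANOG thread above; not code from the original post.
Interface names, tables and addresses are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    egress: str  # interface the router would forward traffic *to* this prefix on


class RoutingTable:
    def __init__(self, routes: Iterable[Route]):
        self.routes = list(routes)

    def lookup(self, addr: str) -> Optional[Route]:
        """Longest-prefix match; None if nothing (not even 0.0.0.0/0) covers addr."""
        ip = ipaddress.ip_address(addr)
        best = None
        for r in self.routes:
            if ip in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best


def urpf_permits(table: RoutingTable, src: str, ingress: str,
                 mode: str = "strict", allow_default: bool = False) -> bool:
    """Decide whether a packet from `src` arriving on `ingress` passes the uRPF check.

    mode="strict"  ~ IOS 'ip verify unicast source reachable-via rx'
    mode="loose"   ~ IOS 'ip verify unicast source reachable-via any'
    allow_default  ~ the 'allow-default' option: let 0.0.0.0/0 satisfy the lookup
    """
    route = table.lookup(src)
    if route is None:
        # No route at all: the router could not send a reply or ICMP back, so drop.
        return False
    if route.prefix.prefixlen == 0 and not allow_default:
        # Only the default route covers the source; that is not a "route" for uRPF
        # unless allow-default is configured.
        return False
    if mode == "loose":
        return True  # reachable-via any: having a route is enough (asymmetry tolerated)
    if mode == "strict":
        return route.egress == ingress  # reachable-via rx: best path must point back out the ingress
    raise ValueError(f"unknown uRPF mode {mode!r}")


def R(prefix: str, egress: str) -> Route:
    return Route(ipaddress.ip_network(prefix), egress)


# Constructed tables. ACCESS: router just upstream of a dial-in pool, with a default
# pointing at the upstream. PEERING: full table, no default. EDGE_WITH_DEFAULT: a
# partial table plus default, with a customer whose prefix we never learn because
# he advertises it to someone else (alok's asymmetric-customer case).
ACCESS = RoutingTable([R("192.0.2.0/24", "Dialer1"), R("0.0.0.0/0", "Serial0")])
PEERING = RoutingTable([R("192.0.2.0/24", "Customer1"), R("198.51.100.0/24", "Peer-B")])
EDGE_WITH_DEFAULT = RoutingTable([R("198.51.100.0/24", "Peer-B"), R("0.0.0.0/0", "Transit1")])


def scenarios() -> dict:
    """Each key is a situation from the thread; the value is whether the packet is permitted."""
    return {
        # Strict filtering upstream of a dial-in pool: pool address passes, a spoofed
        # source (only covered by the default, which exits Serial0) is dropped even
        # with allow-default because the egress does not match the ingress.
        "dialin_legit": urpf_permits(ACCESS, "192.0.2.10", "Dialer1", "strict"),
        "dialin_spoof": urpf_permits(ACCESS, "203.0.113.5", "Dialer1", "strict", allow_default=True),
        # Peering router with a full table: asymmetric traffic (source routed via
        # Peer-B, arrives on Peer-A) fails strict but passes loose; a source absent
        # from the table fails loose too.
        "peer_asym_strict": urpf_permits(PEERING, "198.51.100.7", "Peer-A", "strict"),
        "peer_asym_loose": urpf_permits(PEERING, "198.51.100.7", "Peer-A", "loose"),
        "peer_bogon_loose": urpf_permits(PEERING, "10.1.2.3", "Peer-A", "loose"),
        # Customer uplinks via us but we only have a default covering his prefix:
        # loose mode drops him until allow-default is configured.
        "asym_cust_loose_nodefault": urpf_permits(EDGE_WITH_DEFAULT, "192.0.2.10", "Customer1", "loose"),
        "asym_cust_loose_default": urpf_permits(EDGE_WITH_DEFAULT, "192.0.2.10", "Customer1", "loose",
                                                allow_default=True),
    }


if __name__ == "__main__":
    for name, permitted in scenarios().items():
        print(f"{name:28s} {'permit' if permitted else 'drop'}")
```

The model deliberately keeps the forwarding table as the only input: it makes visible why a router without a full table and without a default is a poor place to filter (every unknown source is dropped in both modes), and why a default route only rescues loose mode when allow-default is on.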


