[Re: 69/8...this sucks -- Centralizing filtering..]

Joshua Smith joshua.ej.smith at usa.net
Mon Mar 10 17:40:57 UTC 2003


interesting idea, enable it by default, with the option to turn it off
(i hope)...

my-big-fat-router# conf t
my-big-fat-router(config)# no ip clueless

Joe Abley <jabley at isc.org> wrote:
> 
> 
> On Monday, Mar 10, 2003, at 10:54 Canada/Eastern, Haesu wrote:
> 
> >> Since most service providers should be thinking about a sink hole network
> >> for security auditing (and backscatter),  why not have ONE place where you
> >> advertise all unreachable, or better yet -- a default (ie everything NOT
> >> learned through BGP peers), and just forward the packets to a bit bucket..
> >> Which is better than an access list since, now we are forwarding packets
> >> instead of sending them to a CPU to increase router load.
> >>
> >> I don't think ARIN can help the situation.  ISPs just need to remove the
> >> access lists from each router in the network and centralize them.
> >
> > I totally agree with you. However, as always, centralized systems, while
> > ease management and scalability, everything becomes a trust issue and a
> > single point of failure or source of problems...
> 
> I can think of two organisations which could probably take care of a 
> good chunk of the problem, if people were prepared to leave it up to 
> them. The routing system is already largely dependent on the 
> interoperability of bugs produced by these people, and so arguably no 
> additional trust would be required.
> 
> One organisation has a name starting with "j", and the other starts 
> with "c".
> 
> 
> Joe
> 



"Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence."
     - Stephen Hawking -



