IAB concerns against permanent deployment of edge-based filtering

Randy Bush randy at psg.com
Mon Oct 20 12:10:16 UTC 2003


>>> prudent/paranoid folk over the years have persuaded me that
>>> it makes the best sense to only run those applications/services
>>> that I need to and shut off everything else - until/unless there
>>> is a demonstrated need for it.  
>> very true for a host, even somewhat true for a site.  very untrue
>> for a backbone.
> there appears to be a disconnect in the wording of the IAB document:
> it starts: 
> ----
> IAB concerns against permanent deployment of edge-based filtering
> 
> The IAB notes that there are ISPs/ASes undertaking permanent deployment of
> edge-based protocol number/port number packet filtering on traffic
> received from eBGP peers.
> ----
> 	it can be viewed from the perspective of a transit provider
> 	looking toward its edges, the clients.
> 
> 	it can be viewed from the perspective of a multihomed client	
> 	looking toward its edges, the transit providers.
> 
> 	which one you take depends on where you start... :)
> 
> 	then there is the idea of "permanent" deployment ...
> 	little is permanent in networking.  the hard problem
> 	is when vendors put filters in silicon. :(

i have been assuming, possibly quite incorrectly, that the iab concern
was with backbone providers.  possibly this is due to my perspective.
imiho, backbones move packets, and the more we muck with them the less
happy our customers are.

but i filter like hell at my personal site edge, and do try to keep
unwanted things off my hosts.

randy




More information about the NANOG mailing list