UUNet Offer New Protection Against DDoS

David Barak thegameiam at yahoo.com
Thu Mar 4 04:51:57 UTC 2004



--- "Patrick W.Gilmore" <patrick at ianai.net> wrote:
> What's wrong with letting customers announce /32s
> into your network, as 
> long as you do not pass it to anyone else (including
> other customers)?

Theoretically nothing.  However, you do need to watch
out, because there are a certain percentage of
clue-impaired folks who believe that {traffic
engineering | load-balancing | whatever mojo they're
calling it now} can be best accomplished by announcing
every /32 out of their legitimate /16 block. 

While there are certainly vendors who can take an
extra 60,000 routes with impunity, there is a lot of
gear out there which can't.  

Moral: if you let your customers advertise more
specifics to you, use maximum-prefix filters...

-David Barak-
-Fully RFC 1925 Compliant-
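
Added example, not part of the original message: a small Python model of the inbound policy discussed above, in which /32s are accepted only inside the customer's own block and a maximum-prefix limit bounds how many the session may install. The class and function names, the 100-prefix limit, the 80% warning threshold, the teardown-on-exceed action and the 10.20.0.0/16 block are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class CustomerSession:
    """Toy inbound policy for one customer BGP session (hypothetical model)."""
    allowed: list            # customer's legitimate blocks (ip_network objects)
    max_prefixes: int        # hard limit; exceeding it shuts the session
    warn_pct: int = 80       # warn once at this percentage of the limit
    accepted: set = field(default_factory=set)
    warned: bool = False
    up: bool = True

    def announce(self, prefix: str) -> str:
        if not self.up:
            return "session-down"
        net = ipaddress.ip_network(prefix)
        # Accept more-specifics (down to /32) only inside the customer's own block.
        if not any(net.version == a.version and net.subnet_of(a) for a in self.allowed):
            return "rejected-outside-block"
        self.accepted.add(net)
        if len(self.accepted) > self.max_prefixes:
            self.up = False          # assumed action: tear down and drop all routes
            self.accepted.clear()
            return "limit-exceeded-session-shut"
        if not self.warned and len(self.accepted) * 100 >= self.max_prefixes * self.warn_pct:
            self.warned = True
            return "accepted-warning"
        return "accepted"

def simulate(block: str, max_prefixes: int, count: int) -> dict:
    """Customer deaggregates `block` into /32s and announces the first `count`."""
    parent = ipaddress.ip_network(block)
    sess = CustomerSession([parent], max_prefixes)
    tally = {}
    for _, net in zip(range(count), parent.subnets(new_prefix=32)):
        outcome = sess.announce(str(net))
        tally[outcome] = tally.get(outcome, 0) + 1
    return {"up": sess.up, "installed": len(sess.accepted), "tally": tally}

if __name__ == "__main__":
    # Constructed input: 10.20.0.0/16 stands in for the customer's legitimate /16.
    print(simulate("10.20.0.0/16", max_prefixes=100, count=5))       # a few /32s
    print(simulate("10.20.0.0/16", max_prefixes=100, count=65536))   # every /32
```

With the limit in place, the full deaggregation of the /16 costs the receiving router at most 101 route insertions before the session is shut, instead of tens of thousands of installed routes.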



