saku+nanog at ytti.fi
Fri Jul 21 16:01:00 UTC 2006
On (2006-07-21 11:38 -0400), Joe Abley wrote:
> That seems to me like another perfectly valid approach, and one that
> already exists to some extent (e.g. by pre-poisoning AS_PATH
> attributes with AS numbers of remote networks that you don't want to
> accept particular routes). I'm told that IDRP has inclusion and
> exclusion lists which provide more exhaustive implementation of this
> kind of idea, too.
Oh, cool idea. Indeed, an 'as exclude' mechanism is there, but I'm sure I'd be
frowned upon for advertising such routes today. 'as include', OTOH, is not there.
> However, for some applications those mechanisms rely on knowing the
> topology one or more AS hops away from your network; AS_PATHLIMIT
> doesn't. To my eye the two approaches seem complementary.
Absolutely complementary. The 'original' problem I was thinking of really
needed both, as the point was to find how 'deep' in the Internet your
DoS sources are; then, once you've identified the depth, you have a
smaller subset of AS#'s that you could iterate over with include/exclude
to pinpoint the source of certain traffic, even if they were spoofing.
But that idea has several problems that might make it unfeasible;
nevertheless, the traffic engineering applications remain.
> [To be clear, incidentally, Tomy, Rex and I made no claim to be the
> original authors of the idea we were documenting in this draft:
ACK, I did notice that, I'm sure most people have thought about it at one
point or another in their networking career :).
I hope it'll be implemented. Thanks,
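As an added illustration (not code from this thread, from the draft, or from any vendor), here is a toy Python model of the two mechanisms the exchange compares: AS_PATH poisoning, which needs to know the remote ASN it wants to keep a route out of, and AS_PATHLIMIT, which bounds how many AS hops a route travels without that knowledge. The topology, the ASNs and the exact export rule used for AS_PATHLIMIT are assumptions made for the model, not taken from the draft.

```python
from collections import deque

# Constructed toy AS topology (assumption, not from the thread): ASN -> eBGP neighbours.
TOPOLOGY = {
    100: [200, 300],
    200: [100, 400],
    300: [100, 400, 500],
    400: [200, 300, 600],
    500: [300, 600],
    600: [400, 500],
}


def propagate(origin, path_limit=None, poison=()):
    """Flood one prefix from `origin`; return {ASN: AS_PATH as received} for
    every AS that accepts it.  Assumed semantics, chosen for this toy model:
      - poison:     ASNs the origin prepends after its own; any of those ASes
                    drops the route by ordinary AS_PATH loop detection.
      - path_limit: AS_PATHLIMIT upper bound; an AS exports the route only if
                    the AS_PATH it would send holds at most `path_limit` ASNs.
    The first path an AS receives wins (no best-path selection)."""
    announced = (origin,) + tuple(poison)
    accepted = {origin: announced}
    queue = deque([origin])
    while queue:
        asn = queue.popleft()
        received = accepted[asn]
        # A speaker prepends its own ASN on export; the origin announces as-is.
        exported = received if asn == origin else (asn,) + received
        if path_limit is not None and len(exported) > path_limit:
            continue  # AS_PATHLIMIT reached: do not advertise to eBGP peers
        for peer in TOPOLOGY[asn]:
            if peer in accepted:
                continue  # already holds a path for this prefix
            if peer in exported:
                continue  # loop detection: peer sees its own ASN in AS_PATH
            accepted[peer] = exported
            queue.append(peer)
    return accepted


def reached(origin, **kw):
    """Sorted ASNs that accept the prefix under the given mechanisms."""
    return sorted(propagate(origin, **kw))
```

With `path_limit=N` the prefix reaches exactly the ASes within N hops of the origin, which is the 'how deep' measurement the post describes; poisoning 400 instead steers the route around that one AS while it still reaches 600 via 500.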