IXP
bmanning at vacation.karoshi.com
Sat Apr 18 22:41:12 UTC 2009
On Sat, Apr 18, 2009 at 09:12:24PM +0000, Paul Vixie wrote:
> > Date: Sat, 18 Apr 2009 13:17:11 -0400
> > From: "Steven M. Bellovin" <smb at cs.columbia.edu>
> >
> > On Sat, 18 Apr 2009 16:58:24 +0000
> > bmanning at vacation.karoshi.com wrote:
> >
> > > i make the claim that simple, clean design and execution is
> > > best. even the security goofs will agree.
> >
> > "Even"? *Especially* -- or they're not competent at doing security.
>
> wouldn't a security person also know about
>
> http://en.wikipedia.org/wiki/ARP_spoofing
>
> and know that many colo facilities now use one customer per vlan due
> to this concern? (i remember florian weimer being surprised that we
> didn't have such a policy on the ISC guest network.)
>
> if we maximize for simplicity we get a DELNI. oops that's not fast
> enough we need a switch not a hub and it has to go 10Gbit/sec/port.
> looks like we traded away some simplicity in order to reach our goals.

er... 10G is old hat... try 100G.

i'm not arguing for a return to smoke signals. i'm arguing that
simplicity is oftentimes gratuitously abandoned in favor of the
near-term, quick buck.

if i may paraphrase Albert, "Things should be as simple as possible,
but no simpler"

and ARP... well there's a dirt simple hack that the ethernet-based
folks have never been able to shake. :)

--bill