TWC (AS11351) blocking all NTP?

Christopher Morrow morrowc.lists at
Tue Feb 4 19:38:50 UTC 2014

On Tue, Feb 4, 2014 at 2:28 PM, William Herrin <bill at> wrote:
> On Tue, Feb 4, 2014 at 2:08 PM, Doug Barton <dougb at> wrote:
>> On 02/04/2014 08:04 AM, William Herrin wrote:
>>> If just three of the transit-free networks rewrote their peering
>>> contracts such that there was a $10k per day penalty for sending
>>> packets with source addresses the peer should reasonably have known
>>> were forged, this problem would go away in a matter of weeks.
>> Won't work because no one will sign that contract.
> Hi Doug,
> Verizon Business is willing to do settlement-free peering with you but

you forgot an IF there, right?

All of these 'get N tierM networks to peer and agree to penalties
amongst eachother in the case of Y happening' discussions sound a LOT
like longdistance settlement regimes. There's a nice fellow in
tcpm/iccrwg in the ietf that's happy to talk a lot about 'red packets'
and 'black packets' and congestion and cost shifting for this sort of
thing. which frankly sounds almost exactly like the conversation about
spoofed packets.

In a world where folk connect to a peering fabric and default-route
toward a peer, or never send routes to a peer yet prefer paths across
that peer... or hell, do this with their ISP network connections.  How
does one tell that 'ISPX sent me a packet that is spoofed' ? how does
that hold up in court? (which will happen eventually when the billing
dispute goes south... and will happen months after the event in

It's a laudable goal, to do some enforcement of bcp38-like functions,
but doing at SFP links is frankly impactical and bound to fail.
Instead, concentrate on the customer edge of the problem and solve
things there, eh?


More information about the NANOG mailing list