SIP on FTTH systems

Jay Ashworth jra at baylink.com
Fri Feb 7 06:20:03 UTC 2014


----- Original Message -----
> From: "Mikael Abrahamsson" <swmike at swm.pp.se>

> On Fri, 7 Feb 2014, Jay Ashworth wrote:
> > In my not-at-all humble opinion, in an eyeball network, you almost
> > *never* want to make it easier for houses to talk to one another
> > directly; there isn't any "real" traffic there. Just attack traffic.
> 
> But creating a solution where you can talk to anyone else on the Internet
> but not the ones in your own neighborhood is broken, so it needs to be
> fixed. In IPv4 I've seen this solved with local-proxy-arp within the
> subnet, and for IPv6 it's easily solvable by not announcing an on-link
> network so they won't even try to communicate directly with each other but
> instead everything is routed via the ISP upstream router and then down
> again to the other customer CPE/computer.

I did not show my work. 

I apologize.  I will try again:

If I am a commercial customer of an eyeball ISP like Road Runner: *I am 
entitled to expect that that ISP is technically capable of protecting
me from possible attack traffic from that other customer*, who's outside
my administrative span of control.  If they can send me traffic directly
across a local access subnet, that requires a much larger hammer than if
such traffic must cross the edge concentrator first, the configuration
I assert is a better choice.

Does that help?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
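
The IPv6 approach in the quoted message (not announcing an on-link prefix) can be verified from a customer port by checking the L flag of each Prefix Information option in the Router Advertisement (RFC 4861). This is an added example, not part of the original thread; the function names are illustrative and the sample RAs are constructed with the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import struct

RA_TYPE = 134            # ICMPv6 Router Advertisement
OPT_PREFIX_INFO = 3      # Prefix Information option
FLAG_ON_LINK = 0x80      # L bit: hosts may reach this prefix directly
FLAG_AUTONOMOUS = 0x40   # A bit: prefix may be used for SLAAC


def prefix_options(ra: bytes):
    """Yield (prefix, on_link, autonomous) for each Prefix Information option."""
    if len(ra) < 16 or ra[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    pos = 16  # fixed RA header is 16 bytes; options follow
    while pos + 2 <= len(ra):
        opt_type, opt_len = ra[pos], ra[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(ra):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO:
            if opt_len != 32:
                raise ValueError("bad Prefix Information length")
            plen, flags = ra[pos + 2], ra[pos + 3]
            net = ipaddress.IPv6Network((ra[pos + 16:pos + 32], plen), strict=False)
            yield net, bool(flags & FLAG_ON_LINK), bool(flags & FLAG_AUTONOMOUS)
        pos += opt_len


def on_link_prefixes(ra: bytes):
    """Prefixes that hosts would treat as directly reachable (L bit set)."""
    return [str(net) for net, on_link, _ in prefix_options(ra) if on_link]


def build_ra(prefix: str, flags: int) -> bytes:
    """Constructed sample RA (checksum left as zero; not validated here)."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, flags,
                      86400, 14400, 0) + net.network_address.packed
    return header + pio


# Constructed samples: same prefix, with and without the on-link flag.
RA_ISOLATED = build_ra("2001:db8:1::/64", FLAG_AUTONOMOUS)
RA_SHARED = build_ra("2001:db8:1::/64", FLAG_ON_LINK | FLAG_AUTONOMOUS)

if __name__ == "__main__":
    for name, ra in (("isolated", RA_ISOLATED), ("shared", RA_SHARED)):
        print(name, on_link_prefixes(ra) or "no on-link prefix advertised")
```

An empty result means hosts have no on-link prefix and send neighbor-to-neighbor traffic to the router; any prefix listed means hosts will attempt direct delivery across the access subnet.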



More information about the NANOG mailing list