SIP on FTTH systems
Jay Ashworth
jra at baylink.com
Fri Feb 7 06:20:03 UTC 2014
----- Original Message -----
> From: "Mikael Abrahamsson" <swmike at swm.pp.se>
> On Fri, 7 Feb 2014, Jay Ashworth wrote:
> > In my not-at-all humble opinion, in an eyeball network, you almost
> > *never* want to make it easier for houses to talk to one another
> > directly; there isn't any "real" traffic there. Just attack traffic.
>
> But creating a solution where you can talk to anyone else on the Internet
> but not the ones in your own neighborhood is broken, so it needs to be
> fixed. In IPv4 I've seen this solved with local-proxy-arp within the
> subnet, and for IPv6 it's easily solvable by not announcing an on-link
> network so they won't even try to communicate directly with each other but
> instead everything is routed via the ISP upstream router and then down
> again to the other customer CPE/computer.
I did not show my work.
I apologize. I will try again:
If I am a commercial customer of an eyeball ISP like Road Runner: *I am
entitled to expect that that ISP is technically capable of protecting
me from possible attack traffic from that other customer*, who's outside
my administrative span of control. If they can send me traffic directly
across a local access subnet, that requires a much larger hammer than if
such traffic must cross the edge concentrator first, the configuration
I assert is a better choice.
Does that help?
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the NANOG
mailing list