Filter NTP traffic by packet size?

Brandon Butterworth brandon at rd.bbc.co.uk
Mon Feb 24 00:26:21 UTC 2014


> > What is the business model for the IX? Unauthorized filtering of
> > incoming traffic risks collateral damage and outing exchange members
> > seems problematic.
> 
> I never proposed for them to filter.

What is missing is filtering at IXP not by IXP.

Most transits have blackhole communities so you can drop the DoS
through them but peers usually do not. You end up shutting peering so
your transit will drop it for you, not ideal.

We could agree per peer to do the same but with route servers and lots
of peers a standard for community and acceptance of it would be handy.

Obviously there is risk in doing this with (lots of) peers as they tend
to be prefix limited, not address filtered.

brandon



More information about the NANOG mailing list