Filter NTP traffic by packet size?

Jérôme Nicolle jerome at ceriz.fr
Fri Feb 28 15:50:47 UTC 2014


Hi Royce,

Le 23/02/2014 20:48, Royce Williams a écrit :
> Newb question ... other than retrofitting, what stands in the way of
> making BCP38 a condition of peering?

Good point ! And simple answer : most peers wouldn't support the hassle
yet, thus reducing peering density and interest.

I operate a small IXP in southern France and none of my members is
currently BCP38 compliant. Of 16 members only one is known to work on
the issue.

Funny thing beeing that most active members are also switching to
Juniper routers and all had been contributing as NTP reflectors because
of JunOS bugs.

I'd rather consider implementing ACLs on member ports to filter-out
illegitimate prefixes (cannot do OpenFlow on cheap L2 switches :( )
rather than making BCP38 compliance mandatory.

Best regards,
-- 
Jérôme Nicolle
+33 6 19 31 27 14



More information about the NANOG mailing list