[122398] in North American Network Operators' Group


Re: Google to offer fiber to end users

daemon@ATHENA.MIT.EDU (Anton Kapela)
Sat Feb 13 20:47:51 2010

In-Reply-To: <4B75B751.80400@bogus.com>
Date: Sat, 13 Feb 2010 20:47:23 -0500
From: Anton Kapela <tkapela@gmail.com>
To: Joel Jaeggli <joelja@bogus.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

> James Hess wrote:
>> For now.. with 1gigabit residential connections, BCP 38 OUGHT to be
>> Google's answer. If Google handles that properly, they _should_
>> make it mandatory that all traffic from residential customers be
>> filtered, in all cases, in order to only forward packets with
>> their legitimately assigned or registry-issued publicly verifiable
>> IP prefix(es) in the IP source field. Must be mandatory even for
>> 'resellers', otherwise there's no point.
>
> The amount of DOS that is spoofed today is by all reports significantly
> lower as percentage of overall DOS than it was in say 2000.
>
> BCP 38 is all fine and dandy, and you should implement it, but it's not
> going to stop the botnets.

After re-reading the original post Google will be providing BOTH

a) generic L2 transport for resellers to use in reaching users/subscribers

b) their own L3 product

Enforcing 'resellers' to do BCP38 on their L2 product reads synonymous
to "boondoggle." Further, who cares? This isn't where the "bad stuff"
is given the context of a multi-access L2 network.

>> P.S. reasonable abuse response is not defined as a 4-day delayed
>> answer to a 'help, no contact addresses will answer me' post on nanog
>> (long after automated processes finally kicked in).. Reasonable
>> response to a continuous 1gigabit flood or 100 kilopacket flood
>> should be less than 12 hours.

NOCs that give a crap are good, but we have other tools at our
disposal. I find that customers tend to 'take note' they've screwed up
something badly when their port goes ERRDISABLE and loses link for a
few minutes. I understand that NANOG typically doesn't concern itself
with edge-access techniques, but there are easy ways to mitigate a lot
of what a NOC might have to handle. Perhaps it's worth forking this
thread to discuss?

Done well, this should end up somewhere near 'unimportant' or a 'non-issue.'

-Tk

