[149771] in North American Network Operators' Group


Re: Common operational misconceptions

daemon@ATHENA.MIT.EDU (Jeff Kell)
Wed Feb 15 18:19:25 2012

Date: Wed, 15 Feb 2012 18:18:21 -0500
From: Jeff Kell <jeff-kell@utc.edu>
To: <nanog@nanog.org>
In-Reply-To: <20120215230258.GQ5968@angus.ind.WPI.EDU>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

(1) Block all ICMP (obviously some are required for normal operations,
unreachables, pMTU too large/DF set, etc).
(2) Block certain ports (blindly, w/o at least "established") taking out
legitimate ephemeral port usage.
(3) Local uRPF is unnecessary (or source spoofing mitigation in general)
(4) Automagical things are necessary (Microsoft proprietary, UPnP, Apple
Bonjour, mDNS, etc)
(5) WAN routing to multiple providers will automagically load-balance
automagically.  Or for that matter...
(6) IGP routing across multiple paths will automagically load-balance
automagically.  Or for that matter...
(7) Port-channel (link aggregation) will load-balance automagically.
(8) Connectivity/throughput issues are always local or first-hop.  (We
have a gig connection, why am I not getting a gig throughput)

I'm sure there are more, but those were at the top of my head :)

Jeff
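
Added example, not part of the original post: a small first-match ACL model showing what items (1) and (2) break, with a blind ruleset beside a corrected one. Port 5000, the rule layout, and treating "established" as "TCP ACK bit set" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "icmp"
    dport: Optional[int] = None      # TCP destination port
    ack: bool = False                # TCP ACK bit set (segment of an existing flow)
    icmp_type: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str
    dport: Optional[int] = None      # None matches any port
    established: bool = False        # match only TCP segments with ACK set
    icmp_type: Optional[int] = None  # None matches any ICMP type

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not p.ack:
            return False
        if self.icmp_type is not None and p.icmp_type != self.icmp_type:
            return False
        return True

def evaluate(acl, pkt, default="permit"):
    """First matching rule wins, as in a stateless router ACL."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed inbound ACLs; port 5000 stands in for "a port someone chose to block".
BLIND = [Rule("deny", "icmp"), Rule("deny", "tcp", dport=5000)]
FIXED = [
    Rule("permit", "icmp", icmp_type=3),      # unreachables, incl. code 4 (frag needed, DF set)
    Rule("deny", "icmp"),
    Rule("permit", "tcp", established=True),  # replies to flows opened from inside
    Rule("deny", "tcp", dport=5000),
]

# Constructed inbound packets.
FRAG_NEEDED = Packet("icmp", icmp_type=3)    # path MTU discovery signal
REPLY = Packet("tcp", dport=5000, ack=True)  # reply to a client whose ephemeral source port was 5000
NEW_SYN = Packet("tcp", dport=5000)          # unsolicited connection attempt to the blocked port
```

With `BLIND`, both the fragmentation-needed message and the reply to an inside client are dropped; with `FIXED`, both pass while the unsolicited SYN and other ICMP types are still denied.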



