[168831] in North American Network Operators' Group
Re: BCP38 is hard, was TWC (AS11351) blocking all NTP?
daemon@ATHENA.MIT.EDU (Saku Ytti)
Wed Feb 5 13:01:43 2014
Date: Wed, 5 Feb 2014 20:01:09 +0200
From: Saku Ytti <saku@ytti.fi>
To: nanog list <nanog@nanog.org>
In-Reply-To: <11FCB9B4-E44D-40C2-9BE4-5045208658D1@puck.nether.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On (2014-02-05 11:15 -0500), Jared Mauch wrote:
> The problem is many of these can compile to larger than the physical amount of space in the router/LC have to handle it. I’ve done presentations to vendors about what percentage (in bytes and per-line) of the configuration is of what component. 90%+ tends to be customer-specific prefix-list/set/filter lines.
Absolutely. But the good thing is, we don't need to have it comprehensively
deployed in transit scenarios, just as long as spoofing domains are
sufficiently fragmented DoS attack gets get better pay off from not spoofing.
--
++ytti
