[168945] in North American Network Operators' Group
Re: SIP on FTTH systems
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Fri Feb 7 01:20:21 2014
Date: Fri, 7 Feb 2014 01:20:03 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <alpine.DEB.2.02.1402070712540.24915@uplift.swm.pp.se>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "Mikael Abrahamsson" <swmike@swm.pp.se>
> On Fri, 7 Feb 2014, Jay Ashworth wrote:
> > In my not-at-all humble opinion, in an eyeball network, you almost
> > *never* want to make it easier for houses to talk to one another
> > directly; there isn't any "real" traffic there. Just attack traffic.
>
> But creating a solution where you can talk to anyone else on the Internet
> but not the ones in your own neighborhood is broken, so it needs to be
> fixed. In IPv4 I've seen this solved with local-proxy-arp within the
> subnet, and for IPv6 it's easily solvable by not announcing an on-link
> network so they won't even try to communicate directly with each other but
> instead everything is routed via the ISP upstream router and then down
> again to the other customer CPE/computer.
I did not show my work.
I apologize. I will try again:
If I am a commercial customer of an eyeball ISP like Road Runner: *I am
entitled to expect that that ISP is technically capable of protecting
me from possible attack traffic from that other customer*, who's outside
my administrative span of control. If they can send me traffic directly
across a local access subnet, that requires a much larger hammer than if
such traffic must cross the edge concentrator first, the configuration
I assert is a better choice.
Does that help?
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
