[170366] in North American Network Operators' Group
RE: misunderstanding scale
daemon@ATHENA.MIT.EDU (Naslund, Steve)
Wed Mar 26 17:48:41 2014
From: "Naslund, Steve" <SNaslund@medline.com>
To: Matthias Leisi <matthias@leisi.net>, NANOG list <nanog@nanog.org>
Date: Wed, 26 Mar 2014 21:48:08 +0000
In-Reply-To: <CALgnk9q073UqyCG-fjb6MD-p77hHkidFYnu26sbM9GFYmAXsaw@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
If you can figure out how to store an address and a mask you can have any size entry you want. Just like a routing table. This is not insurmountable.
Steven Naslund
Chicago IL
> OTOH, a spammer with a single /64, pretty much the absolute minimum
> IPv6 block, has more than 18 quintillion addresses and there's not a
> computer on the planet with enough memory (or probably not even enough
> disk space) to store that block list.
>
It only takes a single entry if you do not store /128s but that /64. Yes, RBL lookups do not currently know how to handle this, but there are a couple of good proposals around on how to do it.
This would also reduce the risks from cache depletion attacks via DNSxL lookups to IPv4 levels.
> Sometimes scale is everything. Host-based reputation lists scale easily to
> 3.2 billion host addresses. IPv6, not so easily.
>
As soon as we get away from host-centric-view to a network-block-view, things get pretty straightforward.
-- Matthias
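To make the address-plus-mask idea concrete, here is an added illustration (not code from either poster): a routing-table-style block list doing longest-prefix match, so one /64 entry covers the whole allocation, plus a DNSxL query name truncated to /64 so every host in that block maps to one cacheable name. The prefixes, the zone name `dnsxl.example` and the function names are all constructed for the example.

```python
import ipaddress

# Constructed sample block list: one /64 entry covers a sender's whole
# allocation, while coarser and finer entries coexist, as in a routing table.
BLOCKLIST = [
    "2001:db8:bad::/48",   # constructed: a larger allocation
    "2001:db8:1:2::/64",   # constructed: a single /64 assigned to one sender
    "2001:db8:5::1/128",   # constructed: one specific host
]


def build_table(prefixes):
    """Store (network, mask) entries grouped by prefix length, longest first."""
    table = {}
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=False)
        table.setdefault(net.prefixlen, set()).add(int(net.network_address))
    # Longest prefix first so lookup() returns the most specific match.
    return dict(sorted(table.items(), reverse=True))


def lookup(table, addr):
    """Longest-prefix match: return the matching prefix length, or None."""
    a = int(ipaddress.IPv6Address(addr))
    for plen, nets in table.items():
        mask = ((1 << plen) - 1) << (128 - plen)
        if (a & mask) in nets:
            return plen
    return None


def dnsxl_name(addr, zone="dnsxl.example", granularity=64):
    """Build a reverse-nibble DNSxL query name truncated to `granularity` bits.

    At /64 every address in the block yields the same name, so a resolver
    caches one record per block instead of one per /128 (the cache
    depletion concern above). `zone` is a constructed placeholder.
    """
    a = int(ipaddress.IPv6Address(addr))
    nibbles = f"{a:032x}"[: granularity // 4]
    return ".".join(reversed(nibbles)) + "." + zone


if __name__ == "__main__":
    table = build_table(BLOCKLIST)
    for host in ("2001:db8:1:2::1", "2001:db8:1:2:ffff:ffff:ffff:ffff"):
        print(host, "-> /%s" % lookup(table, host), dnsxl_name(host))
```

With the default /64 granularity the two sample hosts print the same query name; pass `granularity=128` to see the per-host names a naive lookup would generate.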