[170393] in North American Network Operators' Group
Re: misunderstanding scale
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Mar 27 01:19:50 2014
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CALgnk9q073UqyCG-fjb6MD-p77hHkidFYnu26sbM9GFYmAXsaw@mail.gmail.com>
Date: Wed, 26 Mar 2014 22:17:18 -0700
To: Matthias Leisi <matthias@leisi.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 26, 2014, at 3:18 AM, Matthias Leisi <matthias@leisi.net> wrote:
> On Wed, Mar 26, 2014 at 6:31 AM, Owen DeLong <owen@delong.com> wrote:
>
>
>> OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6
>> block, has more than 18 quintillion addresses and there's not a computer on
>> the planet with enough memory (or probably not even enough disk space) to
>> store that block list.
>>
>
> It only takes a single entry if you do not store /128s but that /64. Yes,
> RBL lookups do not currently know how to handle this, but there are a
> couple of good proposals around on how to do it.
Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat.
Admittedly, /48s are only 65,536 RBL entries per, but I still think that address-based
reputations are a losing battle in an IPv6 world unless we provide some way for providers
to hint at block sizes.
After all, if you start blocking a /64, what if it's a /64 shared by thousands of hosting
customers at one provider offering virtuals?
>
> This would also reduce the risks from cache depletion attacks via DNSxL
> lookups to IPv4 levels.
Yes and no.
>
>> Sometimes scale is everything. host-based reputation lists scale easily to
>> 3.2 billion host addresses. IPv6, not so easily.
>>
>
> As soon as we get away from host-centric-view to a network-block-view,
> things get pretty straightforward.
Except where they don't.
Owen
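The mechanics both sides are arguing about, as an added example that is not part of the thread: a reputation list keyed by prefix rather than by /128 host, a client lookup that tries a few fixed prefix lengths, the 65,536 /64s inside a /48, and the nibble-reversed DNSxL query name truncated to a prefix. The list contents, the `dnsxl.example` zone and the lookup lengths are constructed assumptions, not any real list's format.

```python
import ipaddress

# Constructed sample list: entries are stored as prefixes, not /128 hosts,
# so a single /64 entry covers all 2**64 addresses inside it. The prefixes
# are documentation addresses, not real listings.
BLOCKLIST = {
    ipaddress.ip_network("2001:db8:bad:1::/64"),
    ipaddress.ip_network("2001:db8:abcd::/48"),
}

# Prefix lengths the client tries, most specific first (an assumption).
LOOKUP_LENGTHS = (128, 64, 48)


def blocklist_hit(addr_str):
    """Return the listed prefix that covers addr_str, or None.

    Note the collateral effect Owen raises: every host inside a listed /64
    is hit, including other tenants sharing that /64.
    """
    addr = ipaddress.IPv6Address(addr_str)
    for plen in LOOKUP_LENGTHS:
        candidate = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        if candidate in BLOCKLIST:
            return candidate
    return None


def entries_needed(container_str, entry_prefixlen):
    """Number of entry_prefixlen-sized entries needed to cover a block."""
    container = ipaddress.ip_network(container_str)
    return 2 ** (entry_prefixlen - container.prefixlen)


def dnsxl_query_name(addr_str, plen, zone="dnsxl.example"):
    """Nibble-reversed DNSxL query name for the first plen bits of addr_str.

    A conventional IPv6 DNSxL query reverses all 32 nibbles of the /128;
    truncating to plen // 4 nibbles is one way an aggregated (/64, /48)
    lookup could be expressed. zone is a placeholder, not a real list.
    """
    addr = ipaddress.IPv6Address(addr_str)
    nibbles = format(int(addr), "032x")[: plen // 4]
    return ".".join(reversed(nibbles)) + "." + zone


if __name__ == "__main__":
    for host in ("2001:db8:bad:1::5", "2001:db8:bad:1::beef",
                 "2001:db8:abcd:ffff::1", "2001:db8:cafe::1"):
        print(host, "->", blocklist_hit(host))
    print("/64 entries per /48:", entries_needed("2001:db8:abcd::/48", 64))
    print(dnsxl_query_name("2001:db8:bad:1::5", 64))
```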