[170420] in North American Network Operators' Group
Re: misunderstanding scale
daemon@ATHENA.MIT.EDU (Chip Marshall)
Thu Mar 27 09:44:35 2014
Date: Thu, 27 Mar 2014 09:41:14 -0400
From: Chip Marshall <chip@2bithacker.net>
To: nanog@nanog.org
In-Reply-To: <90E6F06C-88A0-4A5F-A98D-5A27CFD6692C@delong.com>
Reply-To: chip@2bithacker.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 2014-03-26, Owen DeLong <owen@delong.com> sent:
> Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat.
>=20
> Admittedly, /48s are only 65,536 RBL entries per, but I still
> think that address-based reputations are a losing battle in an
> IPv6 world unless we provide some way for providers to hint at
> block sizes.
>=20
> After all, if you start blocking a /64, what if it=E2=80=99s a /64
> shared by thousands of hosting customers at one provider
> offering virtuals?
It was brought to my attention in a parallel thread on Mailop
that such a mechanism does exist for allowing ISP to hint about
the size of customer allocations, at least in the RIPE database:
http://www.ripe.net/ripe/docs/ripe-513
So how do we make this universal and get ISPs to use it?
If we know customer sizes, it becomes much easier to do
reputation on a per-customer basis, which is probably granular
enough for a lot of cases.
--=20
Chip Marshall <chip@2bithacker.net>
http://2bithacker.net/
--qMm9M+Fa2AknHoGS
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (Darwin)
iEYEARECAAYFAlM0KnoACgkQnTUxIUPEgZ458wCgw3tHYrhT40n+DtdUuYUCf37v
P8QAn3G5sHvNpCodUxDPhLtNEXoV6dzO
=/L94
-----END PGP SIGNATURE-----
--qMm9M+Fa2AknHoGS--
