[4664] in North American Network Operators' Group


Re: SYN flood messages flooding my mailbox

daemon@ATHENA.MIT.EDU (rwoundy@VNET.IBM.COM)
Mon Sep 23 22:19:37 1996

From: rwoundy@VNET.IBM.COM
Date: Mon, 23 Sep 96 22:10:58 EDT
To: avg@quake.net, curtis@ans.net, nanog@merit.edu

*** Resending note of 09/23/96 18:38
Subject: Re: SYN flood messages flooding my mailbox
>Not.  Every entry in the filter contains the following data:

>   [Prefix] [Prefix Length] [Bitmask]

>where bitmask has a bit per every interface, so the bit is set if
>packet matching the prefix is allowed from that interface.

How do you handle the case of an inter-exchange point, with multiple
BGP neighbors per interface?  The MAE-East NAP is the worst case
(and not everyone at a NAP is a "transit AS").

If you tried to handle the case of an IXP, wouldn't you have to
filter based on both interface and MAC address?

>Since in practically all cases all prefixes (NOT routes!) found in
>all RIBs are also found in FIB (exceptions are proxy aggregation
>and/or restricted end-to-end reachability) the size of the list
>is the same as size of FIB.

What do you do with a prefix announced through two providers, where
the prefix is taken from one provider's supernet?  Wouldn't you need
to check the RIB entries of all matching prefixes (including default)?

-- Richard Woundy, IBM
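
The multihomed case raised in the last question, as an added example that is not part of the original message: a per-interface source filter in the quoted [Prefix] [Prefix Length] [Bitmask] form, checked once against the longest matching prefix only and once against every covering prefix. The prefixes, interface numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed interfaces: bit i of a bitmask set = source allowed on interface i.
IF_A, IF_B = 0, 1

# Constructed filter table in the quoted form: prefix/length plus bitmask.
TABLE = [
    ("0.0.0.0/0", 0b00),               # default entry: no interface allowed
    ("198.51.100.0/24", 1 << IF_A),    # provider A's aggregate (the supernet)
    ("198.51.100.64/26", 1 << IF_B),   # customer more-specific, heard only via provider B
]

def parse(table):
    """Turn (prefix string, bitmask) pairs into (ip_network, bitmask) pairs."""
    return [(ipaddress.ip_network(p), m) for p, m in table]

FILTER = parse(TABLE)

def covering(table, src):
    """All entries whose prefix contains src, longest prefix first."""
    addr = ipaddress.ip_address(src)
    hits = [(net, mask) for net, mask in table if addr in net]
    return sorted(hits, key=lambda e: e[0].prefixlen, reverse=True)

def allowed_longest_match(table, src, ifindex):
    """Accept only if the longest matching prefix has the interface bit set."""
    hits = covering(table, src)
    return bool(hits) and bool(hits[0][1] >> ifindex & 1)

def allowed_any_match(table, src, ifindex):
    """Accept if any covering prefix (default included) has the interface bit set."""
    union = 0
    for _, mask in covering(table, src):
        union |= mask
    return bool(union >> ifindex & 1)

if __name__ == "__main__":
    cases = [("198.51.100.70", IF_A), ("198.51.100.70", IF_B),
             ("198.51.100.10", IF_B), ("203.0.113.5", IF_A)]
    for src, ifindex in cases:
        print(src, "if", ifindex,
              "longest:", allowed_longest_match(FILTER, src, ifindex),
              "any:", allowed_any_match(FILTER, src, ifindex))
```

The union check is looser by construction: a default entry with any bit set would admit every source address on that interface.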

