[52689] in North American Network Operators' Group
Re: Who does source address validation? (was Re: what's that smell?)
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Tue Oct 8 15:20:15 2002
Date: Tue, 8 Oct 2002 21:17:46 +0200 (CEST)
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: "John M. Brown" <john@chagresventures.com>
Cc: <nanog@merit.edu>
In-Reply-To: <20021008115010.E26874@oso.greenflash.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 8 Oct 2002, John M. Brown wrote:
> It seems to reason that if people started filtering RFC-1918 on
> their edge, we would see a noticeable amount of traffic go away.
> Simulation models I've been running show that an average of 12 to 18 percent
> of a provider's traffic would disappear if they filtered RFC-1918 sourced
> packets.
That is very hard to believe, unless you are referring to the load on the
root nameservers. Since they obviously don't receive a reply, these
resolvers will keep coming back.
> In addition to the bandwidth savings, there is also a support cost
> reduction and together, I believe backbone providers can see this
> on the bottom line of their balance sheets.
> We have to start someplace. There is no magic answer for all cases.
> RFC-1918 is easy to admin, and easy to deploy, in relative terms compared
> to uRPF or similar methods.
uRPF is easier: one configuration command per interface. A filter for RFC
1918 space is also one configuration command per interface, and some
command to create the filter.
> For large and small alike it can be a positive marketing tool, if properly
> implemented.
Sure. "We can't be bothered to do proper filtering, but since we filter
0.39% of what we should, we are cool."
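
An added illustration of the comparison made in this message (not code from the thread or from either poster): a simplified model that applies an RFC 1918 source filter and a strict-mode uRPF check to the same packets at a customer-facing edge. The FIB, the interface names and the packet list are constructed assumptions for the example.

```python
import ipaddress

# RFC 1918 private ranges, i.e. the static edge filter discussed in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed FIB for a hypothetical edge router: prefix -> egress interface.
FIB = {
    ipaddress.ip_network("198.51.100.0/24"): "cust1",
    ipaddress.ip_network("203.0.113.0/24"): "cust2",
    ipaddress.ip_network("0.0.0.0/0"): "upstream",
}

def rfc1918_filter_drops(src):
    """Static filter: drop only packets sourced from RFC 1918 space."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in RFC1918)

def strict_urpf_drops(src, in_iface):
    """Strict uRPF: drop unless the best route back to src uses in_iface."""
    addr = ipaddress.ip_address(src)
    matches = [n for n in FIB if addr in n]   # default route always matches
    best = max(matches, key=lambda n: n.prefixlen)  # longest-prefix match
    return FIB[best] != in_iface

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("198.51.100.7", "cust1"),   # legitimate customer source
    ("10.1.2.3", "cust1"),       # RFC 1918 source leaking from a customer
    ("203.0.113.9", "cust1"),    # another customer's prefix as source
    ("192.0.2.55", "cust1"),     # unrelated outside address as source
    ("192.168.0.4", "cust2"),    # RFC 1918 source leaking from a customer
]

def compare(packets):
    """Return (src, iface, dropped_by_rfc1918_filter, dropped_by_urpf)."""
    return [(s, i, rfc1918_filter_drops(s), strict_urpf_drops(s, i))
            for s, i in packets]

if __name__ == "__main__":
    for src, iface, acl, urpf in compare(PACKETS):
        print(f"{src:15} on {iface:6} rfc1918_drop={acl} urpf_drop={urpf}")
```

On this constructed input the RFC 1918 filter drops only the two private-source packets, while the strict uRPF check drops those and the two packets whose non-private source does not route back through the arrival interface.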