[52714] in North American Network Operators' Group
Re: Who does source address validation? (was Re: what's that smell?)
daemon@ATHENA.MIT.EDU (Paul Vixie)
Wed Oct 9 03:02:54 2002
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 09 Oct 2002 07:01:26 +0000
In-Reply-To: <Pine.GSO.4.40.0210081226300.12863-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
sean@donelan.com (Sean Donelan) writes:

> If c.root-servers.net provider did this, they wouldn't see any RFC1918
> traffic because it would be dropped at their provider's border routers.

Right. But then I wouldn't be able to measure it, which would be bad.

> If c.root-servers.net provider's peer did this, again c.root-servers.net
> provider wouldn't see the rfc1918 packets.

This is the single case where not being able to measure/complain would be OK,
because the problem wouldn't be "in the core", it would be (correctly) stopped
at the source-AS.

> So why doesn't c.root-servers.net provider or its peers implement this
> "simple" solution? It's not a rhetorical question. If it was so simple,
> I assume they would have done it already.

C-root's provider is also C-root's owner, and they have offered to shut this
traffic off further upstream, as F-root's network operators were doing until
yesterday, but I asked that it not be filtered anywhere except C-root itself
(where I can measure it) or distant source-AS's (which is where it makes
sense.)
--
Paul Vixie