[61616] in North American Network Operators' Group


RE: On the back of other 'security' posts....

daemon@ATHENA.MIT.EDU (Greenhalgh, John)
Sun Aug 31 08:24:16 2003

From: "Greenhalgh, John" <JGreenhalgh@newskies.com>
To: 'Owen DeLong' <owen@delong.com>,
	Terry Baranski <tbaranski@mail.com>, nanog@merit.edu
Date: Sun, 31 Aug 2003 14:18:50 +0200
Errors-To: owner-nanog-outgoing@merit.edu



>That depends on your definition of edge, I suppose.  I define it as the
>port on one of my routers where the other end of the link is connected
>to a machine I don't control.  In those terms, edge filtering makes sense
>in some cases and not in others.  If it's a dial-up or T1 customer which is
>a single business, it makes sense.  If it's an ISP with a few Fortune 500
>customers, it doesn't work out as well.

I agree. In the satellite world, such filtering is extremely difficult due
to the asymmetric nature of the traffic. A common scenario is that the
customer will receive packets from upstream via Provider A to addresses
assigned by Provider A. The customer will send packets upstream through
Provider B with source addresses belonging to Provider B. If Provider B
implements edge filtering, then the only way round is to use GRE tunnels,
which gets messy.

--
John Greenhalgh
