[64295] in North American Network Operators' Group
Re: IAB concerns against permanent deployment of edge-based filtering
daemon@ATHENA.MIT.EDU (bmanning@karoshi.com)
Mon Oct 20 08:02:24 2003
From: bmanning@karoshi.com
To: randy@psg.com (Randy Bush)
Date: Mon, 20 Oct 2003 05:00:58 -0700 (PDT)
Cc: bmanning@karoshi.com, eric@roxanne.org (Eric Gauthier),
nanog@nanog.org, iab@iab.org
In-Reply-To: <E1ABLsS-000DuM-6i@roam.psg.com> from "Randy Bush" at Oct 19, 2003 05:18:19 PM
Errors-To: owner-nanog-outgoing@merit.edu
>
> > prudent/paranoid folk over the years have persuaded me that
> > it makes the best sense to only run those applications/services
> > that I need to and shut off everything else - until/unless there
> > is a demonstrated need for it.
>
> very true for a host, even somewhat true for a site. very untrue
> for a backbone.
>
> randy
>
there appears to be a disconnect in the wording of the IAB document:
it starts:
----
IAB concerns against permanent deployment of edge-based filtering
The IAB notes that there are ISPs/ASes undertaking permanent deployment of
edge-based protocol number/port number packet filtering on traffic
received from eBGP peers.
----
it can be viewed from the perspective of a transit provider
looking toward its edges, the clients.
it can be viewed from the perspective of a multihomed client
looking toward its edges, the transit providers.
which one you take depends on where you start... :)
then there is the idea of "permanent" deployment ...
little is permanent in networking. the hard problem
is when vendors put filters in silicon. :(
--bill