[64725] in North American Network Operators' Group
RE: more on filtering
daemon@ATHENA.MIT.EDU (Matthew Kaufman)
Fri Oct 31 12:39:22 2003
From: "Matthew Kaufman" <matthew@eeph.com>
To: "'Greg Maxwell'" <gmaxwell@martin.fl.us>,
"'Chris Parker'" <cparker@starnetusa.net>
Cc: "'Alex Yuriev'" <alex@yuriev.com>, <nanog@merit.edu>
Date: Fri, 31 Oct 2003 09:35:29 -0800
In-Reply-To: <Pine.GSO.4.33.0310302246520.29819-100000@da1server>
Errors-To: owner-nanog-outgoing@merit.edu
Tell that to Cisco, Nortel, and any other vendor that can handle huge rates of traffic that conforms to "typical" but, when the pattern of addresses (or options) in the packets causes the flow cache to thrash, die under loads far below line rate. (See Cisco's http://www.cisco.com/warp/public/63/ts_codred_worm.shtml as an example)

Tell that to any router, switch, or end system vendor who recently found out what happened when a worm forces near-simultaneous ARP requests for every possible address on a subnet.

I'm afraid that those of us building actual networks are forced to do so using actual hardware that actually exists today, and using actual hardware that was actually purchased several years ago and which cannot be forklifted out.

You call the network "obviously broken", I call it "the only one that can be built today".

Matthew Kaufman
matthew@eeph.com
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
> Behalf Of Greg Maxwell
> Sent: Thursday, October 30, 2003 7:48 PM
> To: Chris Parker
> Cc: Alex Yuriev; nanog@merit.edu
> Subject: Re: more on filtering
>
> On Thu, 30 Oct 2003, Chris Parker wrote:
>
> > The source of the problem of bad packets is where they
> > ingress to my network. I disconnect the flow of bad packets through filtering.
> > What is the difference, other than I do not remove an entire
> > interconnect, only the portion of packets that is affecting
> > my ability to provide services?
>
> If the *content* of the packets is breaking your network:
> Your network is obviously broken.
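The flow-cache thrash Kaufman describes (a box that forwards "typical" traffic at line rate but collapses when every packet carries a new destination) can be reproduced in a few lines. The simulation below is an added example, not part of the NANOG thread or of any vendor's code: it models a fixed-size LRU flow cache keyed on the 5-tuple, feeds it two synthetic traffic patterns, and then asks at what fraction of line rate the slow path saturates. The cache capacity (4096 entries), the flow counts, the 1 Mpps line rate and the 50 kpps slow-path figure are all assumptions chosen to illustrate the mechanism, not measurements of any product.

```python
"""Flow-cache thrash under scan traffic, as a simulation.

Constructed example (not from the NANOG thread): a fixed-size LRU flow cache
keyed on the 5-tuple, fed two synthetic traffic patterns. Capacity, flow
counts and slow-path throughput are assumptions chosen for illustration.
"""
import random
from collections import OrderedDict


class LRUFlowCache:
    """Fixed-capacity flow cache with LRU eviction.

    A hit is a fast-path forward; a miss costs a slow-path (CPU) lookup
    plus an insert, and evicts the least recently used entry when full.
    """

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()
        self.hits = 0
        self.misses = 0

    def lookup(self, key):
        if key in self.entries:
            self.entries.move_to_end(key)
            self.hits += 1
            return True
        self.misses += 1
        if len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)  # evict least recently used
        self.entries[key] = True
        return False

    def hit_rate(self):
        total = self.hits + self.misses
        return self.hits / total if total else 0.0


def typical_traffic(n_packets, n_flows, rng):
    """'Typical' load: packets spread over a modest set of long-lived flows."""
    flows = [
        ("10.%d.%d.%d" % (rng.randrange(256), rng.randrange(256), rng.randrange(256)),
         "192.0.2.%d" % rng.randrange(1, 255),
         6, rng.randrange(1024, 65536), 80)
        for _ in range(n_flows)
    ]
    for _ in range(n_packets):
        yield flows[rng.randrange(n_flows)]


def scan_traffic(n_packets, rng):
    """Worm-style scanning: one source, a fresh random destination per packet."""
    src = "10.0.0.7"  # assumed infected host
    for _ in range(n_packets):
        dst = "%d.%d.%d.%d" % tuple(rng.randrange(1, 255) for _ in range(4))
        yield (src, dst, 6, rng.randrange(1024, 65536), 80)


def run(pattern, n_packets=100_000, capacity=4096, seed=1):
    """Feed one pattern through the cache; return (hit_rate, misses)."""
    rng = random.Random(seed)
    cache = LRUFlowCache(capacity)
    if pattern == "typical":
        pkts = typical_traffic(n_packets, 2_000, rng)
    elif pattern == "scan":
        pkts = scan_traffic(n_packets, rng)
    else:
        raise ValueError(pattern)
    for key in pkts:
        cache.lookup(key)
    return cache.hit_rate(), cache.misses


def saturating_load(hit_rate, line_pps, slowpath_pps):
    """Fraction of line rate at which the slow path saturates (capped at 1.0).

    Every miss goes to the CPU, so the box falls over once
    (1 - hit_rate) * offered_pps exceeds slowpath_pps.
    """
    miss_rate = 1.0 - hit_rate
    if miss_rate <= 0:
        return 1.0
    return min(1.0, slowpath_pps / (miss_rate * line_pps))


if __name__ == "__main__":
    for pattern in ("typical", "scan"):
        hr, misses = run(pattern)
        load = saturating_load(hr, line_pps=1_000_000, slowpath_pps=50_000)
        print("%-8s hit rate %.3f  misses %6d  slow path saturates at %.0f%% of line rate"
              % (pattern, hr, misses, 100 * load))
```

With these assumed numbers the typical mix warms the cache once and then runs at line rate, while the scan pattern misses on essentially every packet and pushes the slow path over its limit at about 5% of line rate. Filtering at ingress, as Parker argues above, works because it removes those packets before they reach the cache; the same model shows why a larger cache alone does not help against a source that never repeats a key.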