[68173] in North American Network Operators' Group
Re: UUNet Offer New Protection Against DDoS
daemon@ATHENA.MIT.EDU (David Barak)
Wed Mar 3 23:52:36 2004
Date: Wed, 3 Mar 2004 20:51:57 -0800 (PST)
From: David Barak <thegameiam@yahoo.com>
To: "Patrick W.Gilmore" <patrick@ianai.net>, nanog@merit.edu
In-Reply-To: <C5F69F54-6D63-11D8-9FB9-000A9578BB58@ianai.net>
Errors-To: owner-nanog-outgoing@merit.edu
--- "Patrick W.Gilmore" <patrick@ianai.net> wrote:
> What's wrong with letting customers announce /32s
> into your network, as
> long as you do not pass it to anyone else (including
> other customers)?
Theoretically nothing. However, you do need to watch
out, because there are a certain percentage of
clue-impaired folks who believe that {traffic
engineering | load-balancing | whatever mojo they're
calling it now} can be best accomplished by announcing
every /32 out of their legitimate /16 block.
While there are certainly vendors who can take an
extra 60,000 routes with impunity, there is a lot of
gear out there which can't.
Moral: if you let your customers advertise more
specifics to you, use maximum-prefix filters...
-David Barak-
-Fully RFC 1925 Compliant-
__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster
http://search.yahoo.com
