[69629] in North American Network Operators' Group
Re: Lazy network operators
daemon@ATHENA.MIT.EDU (Niels Bakker)
Fri Apr 16 12:44:45 2004
Date: Fri, 16 Apr 2004 18:44:05 +0200
From: Niels Bakker <niels=nanog@bakker.net>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <20040416151337.995BA13EC6@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
>> On the other hand, we've had DDoS prevention mechanisms (based on
>> multiple rate-limiters, for different kinds of packets) deployed for
>> over 6 months now. They seem to work just fine, are always active,
>> and require no state in the network.
* paul@vix.com (Paul Vixie) [Fri 16 Apr 2004, 17:14 CEST]:
> you know how to rate-limit without state in the network? please explain.
Unlike PNAT, you don't need to look at packets traveling both ways.
This is a plus, I suppose.
-- Niels.
