nanog mailing list archives

Re: preventing future situations like panix
From: Bill Woodcock <woody () pch net>
Date: Mon, 23 Jan 2006 12:21:30 -0800 (PST)


On Mon, 23 Jan 2006, Todd Underwood wrote:
> > It seems like most of the routers which would need to make this decision
> > wouldn't have adequate information upon which to do so...
> not necessarily.  the decision could be made in "near real time" by
> building prefix filters based on the algorithms that josh and co have
> worked on and leaving a 'default deny' in place.  this moves the
> routing decision off of the router (which i agree does not have the
> history or resources to take these additional vectors of information
> into account) and over to a server with more storage and computational
> capacity.

Agreed, if you're willing to suppose that routing decisions will be 
centralized, and static RIBs pushed down into things that look more like 
switches, many many many problems go away, to be replaced by the other 
problem: out-of-band control plane and detection of forwarding plane 
failures.

I did a bunch of work with the Agilent guys on that five years ago or so, 
and found it really fascinating, in a what-if alternate-universe sort of 
way.

                                -Bill

