nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IAB concerns against permanent deployment of edge-based filtering

From: bmanning () karoshi com
Date: Mon, 20 Oct 2003 05:00:58 -0700 (PDT)




prudent/paranoid folk over the years have persuaded me that
it makes the best sense to only run those applications/services
that I need to and shut off everything else - until/unless there
is a demonstrated need for it.  


very true for a host, even somewhat true for a site.  very untrue
for a backbone.

randy



there appears to be a disconnect in the wording of the IAB document:
it starts: 
----
IAB concerns against permanent deployment of edge-based filtering

The IAB notes that there ISPs/ASes undertaking permanent deployment of
edge-based protocol number/port number packet filtering on traffic
received from eBGP peers.
----
        it can be viewed from the perspective of a transit provider
        looking toward its edges, the clients.

        it can be viewed from the perspective of a multihomed client    
        looking toward its edges, the transit providers.

        which one you take depends on where you start... :)

        then there is the idea of "permanent" deployment ...
        little is permanent in networking.  the hard problem
        is when vendors put filters in silicon. :(

--bill
Previous By Date Next
Previous By Thread Next

Current thread: