Marco, Also might we distinguish if you are referring to spoofed packets, which is what uRPF is about? Non-spoofed DDoS, both in-bound and out-bound is not something that BCP-84 addresses. That problem still exists and still must be dealt with by other means.
Given the prelevence of reflection DDoS attacks in the Internet today, focusing on mitigating those attacks that rely on IP-spoofing seems worth while. dougm — Doug Montgomery, Mgr Internet & Scalable Systems Research at NIST/ITL/ANTD On 11/9/16, 1:17 PM, "GROW on behalf of Sriram, Kotikalapudi (Fed)" <[email protected] on behalf of [email protected]> wrote: >>I am not sure if anyone would ever deploy such mechanism. >>For contents it's useless as they have to filter DDoSes before they >>reach their network. >>For carriers is poorly scalable as they'd have to configure thousands of >>prefixes. >>It could make sense for eyeballs but they hardly would drop all the >>traffic >>from their customers even if they're participating in a DDoS >>(also note that inbound customer traffic is rarely an issue for eyeballs) > >Marco, > >Can you please clarify for me the following? >1. Are your comments directed at uRPF (BCP-84) in general? >2. If not, are they directed specifically at strict or feasible-path uRPF? > >Once I get clarity into that I think I can better address your concerns. > >Thanks. >Sriram > > >_______________________________________________ >GROW mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/grow _______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
