Hi, one observation and one question. The observation is that anything on the open Internet that provides a service can be subject to Denial of Service – and, I am not just talking about the LISP mapping system. The question is how is it that we have not yet seen DoS attacks take down critical Internet services such as online banking; have we just been lucky up to now?
Thanks - Fred

From: lisp [mailto:[email protected]] On Behalf Of Padma Pillay-Esnault
Sent: Saturday, October 29, 2016 10:39 AM
To: Dino Farinacci <[email protected]>
Cc: [email protected]; [email protected]
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System

On Sat, Oct 29, 2016 at 10:20 AM, Dino Farinacci <[email protected]> wrote:

> In section 5 of draft-padma-ideas-problem-statement, there is a section in
> the table which specifically discusses the structure of IDs and whether
> we should use them for specific classes or as the Network Mapping system is
> proposing to attach metadata to ID.

Maybe we can experiment with the EID-prefix block 2001:5::/32 from RFC 7954/7955 to allocate sub-blocks from large regions of the world. Yes, geographical allocations without the issue of the past, since EIDs are not injected into the underlay routing and are not based on Internet topology.

Do this first and then decide which, say, continent block is registered to a regional mapping system. And if an ID needs to register to multiple mapping systems. The mapping systems should be considered to be relatively local in scope and may overlap. This could help mitigate DoS attacks to a smaller (but still scalable) part of the infrastructure.

<Padma> Agree.

Thanks
Padma

Dino
