is there a clear understanding of "the edge" in the network operations community? in a simpler world, it was not that difficult, but interconnect has blossomed and grown all sorts of noodly appendages/extensions. I fear that edge does not mean what you think it means anymore.

/bill

On Thu, Mar 28, 2013 at 01:07:24PM -0400, Jay Ashworth wrote:
> In the current BCP38/DDoS discussions, I've seen a lot of people suggesting
> that it's practical to do ingress filtering at places other than the edge.
>
> My understanding has always been different from that, based on the idea
> that the carrier to which a customer connects is the only one with which
> that end-site has a business relationship, and therefore (frex), the only
> one whom that end-site could advise that they believe they have a valid
> reason to originate traffic from address space not otherwise known to
> the carrier; jack-leg dual-homing, for example, as was discussed in still
> a third thread this week.
>
> The edge carrier's *upstream* is not going to know that it's reasonable
> for their customer -- the end-site's carrier -- to be originating traffic
> with those source addresses, and if they ingress filter based on the
> prefixes they route down to that carrier, they'll drop that traffic...
>
> which is not fraudulent, and has a valid engineering reason to exist and
> appear on their incoming interface.
>
> Fixing that will require the construction of an entirely new tracking system
> at the Tier 2, which is not really the case for the Tier 3 edge carrier,
> as I see it - you generally just turn unicast-rpf on for everyone's port,
> unless you have a signed waiver in your file cabinet, in which case
> you turn it off.
>
> Am I missing something?
>
> Or is the overarching problem large enough that people are willing to
> throw the baby out with the bathwater?
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth          Baylink                    [email protected]
> Designer                 The Things I Think         RFC 2100
> Ashworth & Associates    http://baylink.pitas.com   2000 Land Rover DII
> St Petersburg FL USA     #natog                     +1 727 647 1274
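
Added example, not part of the original thread: a small Python model of the scenario in the quoted message, where an end-site sources traffic from a second provider's space through its edge carrier. The prefixes are constructed sample data from the RFC 5737 documentation ranges, and `IngressFilter` and `path_verdict` are hypothetical names that stand in for a per-port source check such as strict unicast RPF.

```python
import ipaddress

class IngressFilter:
    """Source-address check on one inbound port (simplified stand-in for strict uRPF)."""

    def __init__(self, routed, waived=()):
        # routed: prefixes routed down this port; waived: extra sources the
        # customer has told the carrier it legitimately originates.
        self.allowed = [ipaddress.ip_network(p) for p in (*routed, *waived)]

    def permits(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.allowed)


def path_verdict(src, edge, upstream=None):
    """Follow one packet from the end-site through the edge port, then the upstream's port."""
    if not edge.permits(src):
        return "dropped at edge"
    if upstream is not None and not upstream.permits(src):
        return "dropped at upstream"
    return "forwarded"


# Constructed sample data (RFC 5737 documentation prefixes):
SITE_PREFIX = "192.0.2.0/24"         # assigned to the end-site by its edge carrier
OTHER_CUSTOMER = "203.0.113.0/24"    # a different customer of the same edge carrier
SECOND_PROVIDER = "198.51.100.0/24"  # the end-site's space from its other provider

edge_strict = IngressFilter([SITE_PREFIX])
edge_waiver = IngressFilter([SITE_PREFIX], waived=[SECOND_PROVIDER])
# The upstream only knows the prefixes it routes down to the edge carrier.
upstream = IngressFilter([SITE_PREFIX, OTHER_CUSTOMER])

if __name__ == "__main__":
    for label, src, edge, up in [
        ("dual-homed source, edge waiver only", "198.51.100.7", edge_waiver, None),
        ("dual-homed source, upstream also filters", "198.51.100.7", edge_waiver, upstream),
        ("dual-homed source, no waiver on file", "198.51.100.7", edge_strict, None),
        ("neighbour's address as source, edge filter", "203.0.113.9", edge_strict, upstream),
    ]:
        print(f"{label}: {path_verdict(src, edge, up)}")
```

The second case is the drop the quoted message predicts: the waiver lives with the edge carrier, so the upstream's prefix-derived filter has no record of it.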

