Re: Anternet
So, if there's more than 4 billion ants... what are they going to do? Andrew On 4/5/2014 1:44 AM, Larry Sheldon wrote: Offered for your amusement--no followup. http://kottke.org/14/04/the-anternet
Re: Anternet
On Sat, Apr 5, 2014 at 2:32 AM, Andrew D Kirch trel...@trelane.net wrote: So, if there's more than 4 billion ants... what are they going to do? there will never be more than 4 billion ants. On 4/5/2014 1:44 AM, Larry Sheldon wrote: Offered for your amusement--no followup. http://kottke.org/14/04/the-anternet
Re: BGPMON Alert Questions
On Friday, April 04, 2014 09:58:42 AM Vitkovský Adam wrote: I wonder when (or if ever) we'll have such a discussion about data packets, i.e. finding that someone is not doing packet-filtering based on BGP updates is absolutely and unacceptably shocking! Well, filtering in the data plane is slightly easier because a single subnet can cover all traffic coming from individual sources or going to individual destinations. In the control plane, the industry like to filter on specific prefixes agreed between customer and provider, especially when using automated tools such as RPSL. This can get hairy as configurations become large, where a single entry with le 24 or le 48 could have sufficed. On the other hand, if you're not automating control plane filters to some extent, it becomes messy as you get bigger. Mark. signature.asc Description: This is a digitally signed message part.
Re: BGPMON Alert Questions
On Friday, April 04, 2014 12:31:35 PM Benno Overeinder wrote: With ROAs published and a small percentage (order of 5%) of the largest ISPs doing route origin validation, this would filter the incorrect announcement and result in about ~98% globally correct routes in the 35000 ASes (this work is done a couple years ago). With no route origin validation (or any other filtering) the percentage of correct routes at the ASes would be ~25% globally. Again, this was a specific scenario. So do you know whether anyone has any idea about what the top 10 global carriers are doing re: RPKI? Thinking? Justifying? Testing? Ignoring? Mark. signature.asc Description: This is a digitally signed message part.
Re: BGPMON Alert Questions
On Friday, April 04, 2014 05:17:36 PM Sharon Goldberg wrote: Right, we didn't include that in our analysis because we didn't have a good sense for how many ISPs actually do filter their downstream downstreams. So we chose to give a conservative estimate of the impact of prefix filtering in partial deployment: we assumed that no one filters their downstreams downstreams. I'm honestly not sure exactly what including this assumption would do to our results, except to say that it would make them better (ie. that more attacks would be stopped). Might be a good experiment for one of my summer interns. I've typically been on the side where we filter just the downstream and apply AS_PATH filtering liberally for their downstreams. At $current_job, we're now filtering both downstream and downstream's downstreams on AS_PATH + prefix list, taking the prefix aggregate and suffixing le 24 or le 48. We are now thinking about how to scale this without using RPSL, as that creates lots and lots of clutter in the configuration, as well as sub-optimal forwarding when customers are sending routes you aren't accepting when they forget that RPSL-based filtering is prefix-specific. Mark. signature.asc Description: This is a digitally signed message part.
Re: Anternet
On 4/5/2014 2:32 AM, Andrew D Kirch wrote: So, if there's more than 4 billion ants... what are they going to do? Who knows, but they'll definitely need IPv6 :) Jeff
Re: Anternet
Large Scale aNt will be good enough. Plus this has security advantages. On Saturday, April 5, 2014, Jeff Kell jeff-k...@utc.edu wrote: On 4/5/2014 2:32 AM, Andrew D Kirch wrote: So, if there's more than 4 billion ants... what are they going to do? Who knows, but they'll definitely need IPv6 :) Jeff -- Tim:
Re: Anternet
This has been a solved problem for a long time. You just need to implement Virtual Local Ant Nest (VLAN) and use overlapping local address schemes. On 4/5/2014 2:32 AM, Andrew D Kirch wrote: So, if there's more than 4 billion ants... what are they going to do? Andrew On 4/5/2014 1:44 AM, Larry Sheldon wrote: Offered for your amusement--no followup. http://kottke.org/14/04/the-anternet
Re: Anternet
--- jeff-k...@utc.edu wrote: On 4/5/2014 2:32 AM, Andrew D Kirch wrote: So, if there's more than 4 billion ants... what are they going to do? :: Who knows, but they'll definitely need IPv6 :) --- http://imgs.xkcd.com/comics/nanobots.png :-) scott
