On Fri, 5 Mar 2004, Dan Hollis wrote:
On Fri, 5 Mar 2004, Christopher L. Morrow wrote:
the packets as possible. Nebulous filtering and dropping of miniscule amounts of traffic in the core of a large network is just a waste of effort and false panacea.
uunet does operate lots of dialup RAS though correct? any reason why urpf is not reasonable there?
For some sure, for others perhaps not :( We have some customers with dedicated networks over dial, some with dial-backup and even some with dsl backup.
just because its not perfect and doesnt solve every problem doesnt mean its useless.
Sure, I'm just not really sure that the core is the right place to do this... I agree that the edge is a fine place, I'd prefer not my edge :) but the edge is the right place. You can make all the decisions correctly there, you can not in the core.
miniscule amounts of traffic in uunet's core is still enough to ddos many a victim into oblivion. anyone who has been ddos'd by uunet customers can appreciate that.
miniscule is enough to cause problems in anyone's network.... the point here was: "Core isn't the right place for this" I wasn't really trying to argue the 'urpf is good' or 'urpf is bad' arguement, just the placement. Sorry if I made that confusing earlier. --Chris (formerly chris@uu.net) ####################################################### ## UUNET Technologies, Inc. ## ## Manager ## ## Customer Router Security Engineering Team ## ## (W)703-886-3823 (C)703-338-7319 ## #######################################################