On Tue, Feb 4, 2014 at 2:28 PM, William Herrin <bill@herrin.us> wrote:
On Tue, Feb 4, 2014 at 2:08 PM, Doug Barton <dougb@dougbarton.us> wrote:
On 02/04/2014 08:04 AM, William Herrin wrote:
If just three of the transit-free networks rewrote their peering contracts such that there was a $10k per day penalty for sending packets with source addresses the peer should reasonably have known were forged, this problem would go away in a matter of weeks.
Won't work because no one will sign that contract.
Hi Doug,
Verizon Business is willing to do settlement-free peering with you but
you forgot an IF there, right?

All of these 'get N tierM networks to peer and agree to penalties amongst each other in the case of Y happening' discussions sound a LOT like long-distance settlement regimes. There's a nice fellow in tcpm/iccrwg in the IETF that's happy to talk a lot about 'red packets' and 'black packets' and congestion and cost shifting for this sort of thing, which frankly sounds almost exactly like the conversation about spoofed packets.

In a world where folk connect to a peering fabric and default-route toward a peer, or never send routes to a peer yet prefer paths across that peer... or hell, do this with their ISP network connections. How does one tell that 'ISPX sent me a packet that is spoofed'? How does that hold up in court? (which will happen eventually when the billing dispute goes south... and will happen months after the event in question.)

It's a laudable goal, to do some enforcement of BCP38-like functions, but doing it at SFP links is frankly impractical and bound to fail. Instead, concentrate on the customer edge of the problem and solve things there, eh?

-chris