On Wed, Aug 18, 2004 at 05:31:47PM -0400, Richard A Steenbergen wrote:
On Wed, Aug 18, 2004 at 02:18:32PM -0700, David A. Ulevitch wrote:
<quote who="Richard A Steenbergen">
Is it really enough traffic that you, as a root server operator, can't just suck it up and deal? Sure there are going to be a few folks who are misconfigured, but I can't imagine that it is enough to cause operational issues.
No, no operational issues at all from RFC1918 space....
http://www.as112.net/ (just to drop the most well documented example...)
That looks like a 1918 issue to me... Let's be clear about the difference between a DNS query for 1918 space and a DNS query sourced from 1918 space which can never be returned to.
Yes I'm sure it is annoying, but the questions are:
How much EXTRA load does it really place on the rootservers? Is it really so much load that you can't just chalk it up to a normal part of the service being provided?
Or to put it another way:
How much computing power would I need to buy you so that I never have to hear complaints about queries from 1918 space on a mailing list again? :)
Let me put it the ultimate way: How many routers, linecards, configs, etc.. need to be upgraded to ensure that there is source address validation. I want to ensure that every packet I deliver to my end-customers is from a real host on the other side. Even if it's 0wned, I want to pass that packet until such time as our security team is notified and works to mitigate it.

We (AS2914) attempt to ensure that packets our customers pass to our network are from address space they are registered/authorized to pass. I know that AT&T (AS7018) does this as well with their customers. Anyone that isn't working on this (even slowly) is helping contribute to part of the problem/mess of rfc1918 sourced packets leaking to the internet.

While there is a cost on operators of services (eg: Paul/ISC in f.root ops), it's not just the 1918 sourced packets you should be worried about, it's the people spoofing others' IPs... While enabling u-rpf in one of our pops, I was watching what sources were coming in on the links to ensure that we were not dropping the wrong packets, or the customers didn't need to really source packets from those ranges.. a lot of machines were spewing packets from random IPs on the other side of the world (europe, asia) that should not have been coming from machines in the US behind some random T1 customer..

Router#deb ip cef drops ?
  rpf  Packets dropped by CEF Unicast RPF

- jared

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
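The source address validation Jared describes (unicast RPF on a customer-facing interface, plus dropping anything sourced from RFC1918 space) can be simulated to see why a spoofed or private source gets counted under the RPF drop counter. The following is an added example, not code from this thread or from any router vendor; the FIB contents, interface names, and sample packets are constructed for illustration, and the assumption that the default route is ignored unless explicitly allowed mirrors the IOS `allow-default` option.

```python
"""Simulated unicast RPF (strict and loose) plus RFC1918 source filtering.

Added example, not code from the thread. Models what a router does when
uRPF is enabled on an ingress interface: look up the packet's SOURCE
address in the FIB and ask whether a reply could ever be routed back the
way the packet arrived. All prefixes and interface names are constructed.
"""
import ipaddress
from collections import Counter

# RFC1918 private space: a reply to these sources can never cross the
# public Internet, so they are dropped before any route lookup.
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed FIB: prefix -> egress interface (None models a discard route).
FIB = {
    ipaddress.ip_network("0.0.0.0/0"): "Upstream0",
    ipaddress.ip_network("198.51.100.0/24"): "CustomerT1",  # block assigned to the T1 customer
    ipaddress.ip_network("203.0.113.0/24"): "Peer1",
    ipaddress.ip_network("192.0.2.0/24"): None,            # bogon sink / discard route
}


def fib_lookup(addr, allow_default=False):
    """Longest-prefix match. Returns (prefix, egress_iface) or (None, None).

    The default route is skipped unless allow_default is set; this is the
    assumed behaviour of uRPF without an explicit allow-default knob.
    """
    a = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in FIB.items():
        if prefix.prefixlen == 0 and not allow_default:
            continue
        if a in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best if best else (None, None)


def urpf_check(src, ingress_iface, mode="strict", allow_default=False):
    """Return (allowed, reason) for one packet.

    strict: the best route back to src must exit via the ingress interface.
    loose:  any non-discard route to src is enough (catches bogons and
            unrouted space, but not spoofing of routed addresses).
    """
    a = ipaddress.ip_address(src)
    if any(a in p for p in RFC1918):
        return False, "rfc1918-source"
    prefix, egress = fib_lookup(src, allow_default)
    if prefix is None or egress is None:
        return False, "no-route-or-discard"
    if mode == "strict" and egress != ingress_iface:
        return False, "asymmetric"
    return True, "ok"


def audit(packets, mode="strict", allow_default=False):
    """Tally verdicts for (src, ingress_iface) tuples, the way an operator
    watches drop reasons while first enabling uRPF at a POP."""
    counts = Counter()
    for src, iface in packets:
        _, reason = urpf_check(src, iface, mode, allow_default)
        counts[reason] += 1
    return counts


# Constructed sample traffic arriving on the customer T1.
SAMPLE_PACKETS = [
    ("198.51.100.7", "CustomerT1"),  # legitimate: customer's own block
    ("10.1.2.3", "CustomerT1"),      # leaked RFC1918 source
    ("203.0.113.9", "CustomerT1"),   # spoofed: routed, but via a peer, not this T1
    ("192.0.2.5", "CustomerT1"),     # source covered by a discard route
    ("198.18.0.1", "CustomerT1"),    # source with no specific route at all
]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, dict(audit(SAMPLE_PACKETS, mode)))
```

Strict mode is what Jared describes on single-homed customer links: the spoofed 203.0.113.9 source is dropped because the route back points at a peer, not at the T1. Loose mode lets that packet through, which is why loose uRPF is only a bogon filter and not a spoofing filter; enabling the default route in loose mode lets nearly everything through.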