Yeah, You could count packets or you could forward them not both. ACLs could crash everything. Retrieving the config via SNMP would crash a router. I gotta get back into an ISP and get a new set of stories to tell. jy On Apr 18, 2009, at 10:29 PM, Deepak Jain wrote:
Remember when you didn't want to put in ACLs because you'd blow out the cpu on the router/card?
Ahhhhh... That made networking fun!
Deepak
----- Original Message ----- From: Jeff Young <young@jsyoung.net> To: Nick Hilliard <nick@foobar.org> Cc: Paul Vixie <vixie@isc.org>; nanog@merit.edu <nanog@merit.edu> Sent: Sat Apr 18 20:45:48 2009 Subject: Re: IXP
Best solution I ever saw to an 'unintended' third-party peering was devised by a pretty brilliant guy (who can pipe up if he's listening). When he discovered traffic loads coming from non-peers he'd drop in an ACL that blocked everything except ICMP - then tell the NOC to route the call to his desk with the third party finally gave up troubleshooting and called in...
fun memories of the NAPs...
jy
On Apr 18, 2009, at 11:35 AM, Nick Hilliard wrote:
On 18/04/2009 01:08, Paul Vixie wrote:
i've spent more than several late nights and long weekends dealing with the problems of shared multiaccess IXP networks. broadcast storms, poisoned ARP, pointing default, unintended third party BGP, unintended spanning tree, semitranslucent loops, unauthorized IXP LAN extension... all to watch the largest flows move off to PNI as soon as somebody's port was getting full.