On Tue, Feb 4, 2014 at 1:03 PM, Jared Mauch <jared@puck.nether.net> wrote:
> On Feb 4, 2014, at 11:52 AM, William Herrin <bill@herrin.us> wrote:
>>> Those that are up in arms about this stuff seem to not be the ones asking the vendors for features and fixes.
>>
>> Like I said, the "tier 1's" can't be the source of the solution until they stop being part of the problem.
>
> This is the attitude that I've seen elsewhere that is devoid of any meat. As I said before, we hit a big preventing the ability to do this even if we wanted to. The impact is drop all traffic or permit all in that case.

Hi Jared,

I'm not confident you caught the implications of what I said.

At the reciprocal peering link, you don't drop the spoofed traffic. You let it flow. You then charge a penalty when it turns out the peering traffic includes spoofed packets.

The impact isn't drop or permit. It's dollars. Those who can't or won't control their customer links (where they trivially know what addresses are allowed) start to pay large amounts of money where they peer. More money than it takes to properly implement customer-link filters so that they don't send spoofed packets to the peer.

No new tech. No blocking. Just cashflow.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004