What is the business model for the IX? Unauthorized filtering of incoming traffic risks collateral damage and outing exchange members seems problematic. The business model seems clearer when offering filtering as a service to downstream networks, the effects are narrowly scoped, and members have control over the traffic they accept from the exchange, e.g. I don't want to accept NTP traffic to any destination that exceeds 1Gbit/s, or is sourced from an NTP server on my blacklist. Giving policy control to the downstream allows them to protect their networks and make business decisions about how they want to prioritize services and customers when resources are constrained. Would exchange members pay for this type of control? DDoS mitigation appears to be less of a technical problem than an issue of misaligned costs and benefits. How do you create incentives for upstream providers to invest in solutions when the benefits accrue downstream? On Sun, Feb 23, 2014 at 7:14 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:
On Sun, 23 Feb 2014, Chris Laffin wrote:
Ive talked to some major peering exchanges and they refuse to take any action. Possibly if the requests come from many peering participants it will be taken more seriously?
If only there was more focus on the BCP38 offenders who are the real root cause of this problem, I would be more happy.
I would be more impressed if the IXes would start to use their sFlow capabilities to find out what IX ports the NTP queries are coming to backtrace the traffic to the BCP38 offendors than try to block the NTP packets resulting from these src address forged queries.
-- Mikael Abrahamsson email: swmike@swm.pp.se