On 8/14/18 7:27 PM, Randy Bush wrote:
< rathole > i am not much worried about a mesh which floods unicast. can you even buy devices which support that any more? a while back, i had to really dig in the closet to find one at 100mbps so i could shark mid-stream.
I'm not actually worried about it because it is rare, and not a feature. That said, unicast flooding is in fact something we detect on exchanges with a fair amount of frequency, e.g. 2-3 a week across the exchanges where we are present. That traffic gets discarded on our ingress, but you can count dport 179 packets in there that aren't yours. I certainly wouldn't build a business model around gaining insight from that information leakage (and the bulk of the traffic is whatever the neighbor is exchanging with someone else; from looking at MACs, that sort of thing tends to be one-sided unless, for example, it's a whole switch).
I have thousands of established connections that last a very long time at public exchange points, so the threat of tcp rsts to sessions is clearly not being realized.