Recently, alex@yuriev.com (Alex Yuriev) wrote:
So, electric grids do not have any mechanisms to disconnect from other grids (i.e., stop "transiting" their electricity) if one is doing something that causes problems on the local grid? As a customer I would very much like my provider to filter out waveforms that would prevent their ability to provide me with my service.
They disconnect the SOURCE of the problem forcing the SOURCE to behave. That is the equivalent of forcing the ES to behave.
Unfortunately, as the Northeast seaboard of the US discovered not too long ago, the electrical system is somewhat like the Internet; it attempts to route around failures, meaning that simply shutting down the link along which the damaging waveform is propagating does not prevent it from entering your grid; it simply follows a different pathway in. And in shutting down the direct pathway, you may well cause more stability problems as the flow shifts onto alternate interconnects.
Likewise, if I am network A, and a customer of mine is sending attack packets towards a customer of network B, simply shutting down the peering links between network A and network B does nothing to prevent the attack packets from entering network B. Network B would have to isolate itself completely from the rest of the Internet core in order to ensure my bad packets did not enter their network. Anything less, and as long as there is some transit path that can be used to get from my network to network B, the attack packets will still flow and enter network B. I don't think anyone here would defend isolating themselves from the rest of the Internet as being a "better" solution than, say, putting in filters to block port 1434 traffic.
Traffic to port X cannot be specified as valid or invalid for any IS, because the IS does not know why such traffic exists.
We're not saying the traffic is invalid; we're saying the traffic is causing us harm. As with most organisms, there is a strong instinct for self-preservation. If the traffic is causing extensive degradation to the IS, it's better for the IS to try to preserve itself by limiting the impact of the traffic, regardless of whether it is valid or not.
I'm starting to get the sense that you've never actually been in the hot seat of a major network before, so for the sake of everyone who has, who is no doubt getting rather tired of your stubborn stance, I'll make this my last public response on the issue. Feel free to continue this via private email if you'd like.
Alex
Matt