On Sat, 12 Jul 1997, Randy Bush wrote:
routers. I'm just saying the net would be a MUCH nicer place if NSP's all did ingress filtering on their customer connections. If current routers can't handle the load this would create, then NSP's need to find vendors willing to deliver the necessary power, or they need to rethink the way they design their networks.
Most of my customers have customers who in turn have customers, not a few of whom are multi-homed. Same for UUNET, ...
So, at POP X, I take in maybe 100 prefixes, with maybe 1000 at some POPs. How do I build and maintain that filter list, and how long does it take each packet to get through it with a router that also does real routing?
I've got this big pile of money and hardware. How do I turn it into an international internet backbone? A certain minimal level of network security should be a part of any responsible network. Perhaps its not practical to run with filters on every router...especially core and big exchange routers. But you can strongly encourage (perhaps require) that all your customers enforce sane filters where applicable. Somewhere in the internet food chain, it is very much practical to install filters, and someone needs to make sure they are in place. ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ________Finger jlewis@inorganic5.fdt.net for PGP public key_______