I think that this is the wrong approach. Better to monitor it, prove that it happened, and remove offenders from the IXP's altogether. The IXP contracts should include just such a provision.

I don't disagree. Do you have tools for reliably detecting unacceptable default route usage? Until those tools are available and until IXP's agree to police their interconnects, the MAC filtering approach is the only real solution available.

Your fellow IXP members are deserving of your trust, until they show that they aren't, and the paternalistic "let's remove the temptation" approach is just offensive.

This is a nice thought, entirely appropriate for a more cooperative Internet of an earlier age. Unfortunately, today it would seem that "better fences make better neighbors" is a far more practical philosophy.

--Vince
I don't disagree. Do you have tools for reliably detecting unacceptable default route usage? Until those tools are available and until IXP's agree to police their interconnects, the MAC filtering approach is the only real solution available.
I've long thought that the routers should be able to reject packets which come from MAC addresses to whom no route has been offered for the destination. Tony and Jerry and Andrew and Hank and Joe have all explained to me why the current Cisco design makes this impossible, but I can dream. (Perhaps Cisco's hopeful competitors will take this as a product requirement.) But let me turn it around. With no means of detection, why do we suspect that it's a problem? That is, why doesn't the cause for suspicion also work as a means of detection?
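The check described in the message above (flag packets arriving from a MAC address to which no route for the destination has been offered), run offline over sampled frames. This is an added example, not code from the thread or from any router vendor; the MAC addresses, prefixes, samples and function names are constructed or hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample data: prefixes this router has advertised to each peer,
# keyed by the peer's MAC address on the exchange LAN (all values hypothetical).
ADVERTISED = {
    "00:00:5e:00:53:01": ["192.0.2.0/24", "198.51.100.0/24"],
    "00:00:5e:00:53:02": ["192.0.2.0/24"],
}

# Constructed frame samples seen inbound on the IXP port: (source MAC, destination IP).
SAMPLES = [
    ("00:00:5e:00:53:01", "192.0.2.10"),
    ("00:00:5e:00:53:01", "198.51.100.7"),
    ("00:00:5e:00:53:02", "192.0.2.99"),
    ("00:00:5e:00:53:02", "203.0.113.5"),    # never advertised to this peer
    ("00:00:5e:00:53:02", "203.0.113.77"),   # never advertised to this peer
    ("00:00:5e:00:53:ff", "192.0.2.1"),      # MAC that is not a configured peer
]

def build_table(advertised):
    """Parse the per-peer prefix lists into ip_network objects."""
    return {mac.lower(): [ipaddress.ip_network(p) for p in prefixes]
            for mac, prefixes in advertised.items()}

def route_offered(table, src_mac, dst_ip):
    """True if any prefix advertised to src_mac covers dst_ip."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net for net in table.get(src_mac.lower(), ()))

def unoffered_traffic(advertised, samples):
    """Count sampled frames per source MAC whose destination was never offered."""
    table = build_table(advertised)
    hits = Counter()
    for mac, dst in samples:
        if not route_offered(table, mac, dst):
            hits[mac.lower()] += 1
    return dict(hits)

if __name__ == "__main__":
    for mac, n in sorted(unoffered_traffic(ADVERTISED, SAMPLES).items()):
        print(f"{mac}: {n} sampled frame(s) toward destinations never offered to this peer")
```
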
participants (2): Paul A Vixie, Vince Fuller