On Fri, Mar 8, 2019 at 5:11 PM Saku Ytti <s...@ytti.fi> wrote:

> Personally I'm surprised if ICMP volume is relevant based on our
> netflow data.

Legitimate ICMP traffic volume — oh, that's for sure. But when it comes to attack volumes, it's a different story, and current netflow measurements might be a bad indicator here, as in "peacetime generals are always fighting the last war instead of the next one".

> You are proposing that in this case, there is no such issue of
> delivering ICMPv6 messages to correct host

Guaranteed delivery of untrusted remote messages to exactly the particular host behind an equal cost fanout, if allowed in a DDoS mitigation network, is itself a problem, but that has been discussed in detail in Section 6 of RFC 6437. My point is that it might be hard to find an affordable device that implements ECMP with v6 flow labels without a considerable performance impact. I would personally be happy to see what others have tested in that regard.

--
Töma