lto:n...@foobar.org]
Sent: Sunday, March 02, 2014 2:01 PM
To: Vitkovský Adam; Jérôme Nicolle; nanog@nanog.org
Subject: Re: Filter on IXP
On 02/03/2014 12:45, Vitkovský Adam wrote:
>> On the other hand, if a member provides transit, he will add its
>> customer prefixes to RaDB / RIPEdb
On Sun, Mar 2, 2014 at 4:00 AM, Nick Hilliard wrote:
> There are many places where automated RPF makes a lot of sense. An IXP is
> not one of them.
That make sense. Everyone is rightly resistant to automated filtering.
But could we automate getting the word out instead?
Can obvious BCP38 clu
On 02/03/2014 12:45, Vitkovský Adam wrote:
>> On the other hand, if a member provides transit, he will add its
>> customer prefixes to RaDB / RIPEdb with appropriate route
>> objects and the ACL will be updated accordingly. Shouldn't break there.
>
> And that's a really nice side effect.
and i
oses.
I'm not well versed with RIPE myself so I'm not sure whether there's a way to
handle this situation.
adam
-Original Message-
From: Jérôme Nicolle [mailto:jer...@ceriz.fr]
Sent: Friday, February 28, 2014 6:03 PM
To: Nick Hilliard; nanog@nanog.org
Subject: Re: Filter
Le 28/02/2014 17:52, Nick Hilliard a écrit :
> this will break horribly as soon as you have an IXP member which provides
> transit to other multihomed networks.
It could break if filters are based on announced prefixes. That's
preciselly why uRPF is often useless.
On the other hand, if a member p
On Feb 28, 2014, at 11:52 , Nick Hilliard wrote:
> On 28/02/2014 15:42, Jérôme Nicolle wrote:
>> Instead, IXPs _could_ enforce BCP38 too. Mapping the route-server's
>> received routes to ingress _and_ egress ACLs on IXP ports would mitigate
>> the role of BCP38 offenders within member ports. It's
On 28/02/2014 15:42, Jérôme Nicolle wrote:
> Instead, IXPs _could_ enforce BCP38 too. Mapping the route-server's
> received routes to ingress _and_ egress ACLs on IXP ports would mitigate
> the role of BCP38 offenders within member ports. It's almost like uRPF
> in an intelligent and useable form.
Hi Randy,
Le 28/02/2014 17:15, Randy Bush a écrit :
> clearly you have not been reading this list for very long
Well... Busted. All things considered, there surelly has been more
stupid proposals.
--
Jérôme Nicolle
+33 6 19 31 27 14
Le 28/02/2014 17:00, Jay Ashworth a écrit :
>> From: "Jérôme Nicolle"
>> Instead, IXPs _could_ enforce BCP38 too. Mapping the route-server's
>> received routes to ingress _and_ egress ACLs on IXP ports would mitigate
>> the role of BCP38 offenders within member ports. It's almost like uRPF
>> in a
>> It would be really cool if peering exchanges could police ntp on
>> their connected members.
> Well, THIS looks like the worst idea ever.
while i agree that this is an extremely stupid idea, clearly you have
not been reading this list for very long
randy
- Original Message -
> From: "Jérôme Nicolle"
> Le 23/02/2014 01:43, Chris Laffin a écrit :
> > It would be really cool if peering exchanges could police ntp on
> > their connected members.
>
> Well, THIS looks like the worst idea ever. Wasting ASIC ressources on
> IXP's dataplanes is a
Hi Chris,
Le 23/02/2014 01:43, Chris Laffin a écrit :
> It would be really cool if peering exchanges could police ntp on their
> connected members.
Well, THIS looks like the worst idea ever. Wasting ASIC ressources on
IXP's dataplanes is a wet-dream for anyone willing to kill the network.
IXP's
12 matches
Mail list logo
