nanog mailing list archives
RE: On the back of other 'security' posts....
From: "Greenhalgh, John" <JGreenhalgh () newskies com>
Date: Sun, 31 Aug 2003 14:18:50 +0200
That depends on your definition of edge, I suppose. I define it as the port on one of my routers where the other end of the link is connected to a machine I don't control. In those terms, edge filtering makes sense in some cases and not in others. If it's a dial-up or T1 customer which is a single business, it makes sense. If it's an ISP with a few fortune 500 customers, it doesn't work out as well.
I agree. In the satellite world, such filtering is extremely difficult due to the asymmetric nature of the traffic. A common scenario is that the customer will receive packets from upstream via Provider A to addresses assigned by Provider A. The customer will send packets upstream through Provider B with source addresses belonging to Provider B. If Provider B implements edge filtering, then the only way round is to use GRE tunnels, which gets messy. -- John Greenhalgh
Current thread:
- Re: On the back of other 'security' posts...., (continued)
- Re: On the back of other 'security' posts.... Matthew Crocker (Aug 31)
- Re: On the back of other 'security' posts.... Owen DeLong (Aug 31)
- RE: On the back of other 'security' posts.... Owen DeLong (Aug 30)
- Re: On the back of other 'security' posts.... Richard Cox (Aug 31)
- Re: On the back of other 'security' posts.... Mans Nilsson (Aug 31)
- Re: On the back of other 'security' posts.... Paul Vixie (Aug 31)
- RE: On the back of other 'security' posts.... Stephen J. Wilcox (Aug 31)
- RE: On the back of other 'security' posts.... Terry Baranski (Aug 31)