nanog mailing list archives
Re: Filter NTP traffic by packet size?
From: Peter Phaal <peter.phaal () gmail com>
Date: Sun, 23 Feb 2014 09:03:59 -0800
What is the business model for the IX? Unauthorized filtering of incoming traffic risks collateral damage and outing exchange members seems problematic. The business model seems clearer when offering filtering as a service to downstream networks, the effects are narrowly scoped, and members have control over the traffic they accept from the exchange, e.g. I don't want to accept NTP traffic to any destination that exceeds 1Gbit/s, or is sourced from an NTP server on my blacklist. Giving policy control to the downstream allows them to protect their networks and make business decisions about how they want to prioritize services and customers when resources are constrained. Would exchange members pay for this type of control? DDoS mitigation appears to be less of a technical problem than an issue of misaligned costs and benefits. How do you create incentives for upstream providers to invest in solutions when the benefits accrue downstream? On Sun, Feb 23, 2014 at 7:14 AM, Mikael Abrahamsson <swmike () swm pp se> wrote:
On Sun, 23 Feb 2014, Chris Laffin wrote:Ive talked to some major peering exchanges and they refuse to take any action. Possibly if the requests come from many peering participants it will be taken more seriously?If only there was more focus on the BCP38 offenders who are the real root cause of this problem, I would be more happy. I would be more impressed if the IXes would start to use their sFlow capabilities to find out what IX ports the NTP queries are coming to backtrace the traffic to the BCP38 offendors than try to block the NTP packets resulting from these src address forged queries. -- Mikael Abrahamsson email: swmike () swm pp se
Current thread:
- Re: Filter NTP traffic by packet size?, (continued)
- Re: Filter NTP traffic by packet size? Carsten Bormann (Feb 22)
- Re: Filter NTP traffic by packet size? Cb B (Feb 22)
- Re: Filter NTP traffic by packet size? Carsten Bormann (Feb 22)
- Re: Filter NTP traffic by packet size? Randy Bush (Feb 22)
- Re: Filter NTP traffic by packet size? Nick Hilliard (Feb 22)
- Re: Filter NTP traffic by packet size? Paul Ferguson (Feb 22)
- Re: Filter NTP traffic by packet size? Chris Laffin (Feb 22)
- Re: Filter NTP traffic by packet size? Peter Phaal (Feb 22)
- Re: Filter NTP traffic by packet size? Chris Laffin (Feb 23)
- Re: Filter NTP traffic by packet size? Mikael Abrahamsson (Feb 23)
- Re: Filter NTP traffic by packet size? Peter Phaal (Feb 23)
- Re: Filter NTP traffic by packet size? sthaug (Feb 23)
- Re: Filter NTP traffic by packet size? Lukasz Bromirski (Feb 23)
- Re: Filter NTP traffic by packet size? Mikael Abrahamsson (Feb 23)
- Re: Filter NTP traffic by packet size? George William Herbert (Feb 23)
- Re: Filter NTP traffic by packet size? Royce Williams (Feb 23)
- Re: Filter NTP traffic by packet size? Royce Williams (Feb 23)
- Re: Filter NTP traffic by packet size? joel jaeggli (Feb 23)
- RE: Filter NTP traffic by packet size? James Braunegg (Feb 23)
- Re: Filter NTP traffic by packet size? sjt5atra (Feb 24)
- Re: Filter NTP traffic by packet size? Jérôme Nicolle (Feb 28)