nanog mailing list archives

Re: best practice for advertising peering fabric routes


From: Leo Bicknell <bicknell () ufp org>
Date: Tue, 14 Jan 2014 22:03:07 -0600


On Jan 14, 2014, at 9:35 PM, Patrick W. Gilmore <patrick () ianai net> wrote:

So Just Don't Do It. Setting next-hop-self is not just for "big guys", the crappiest, tiniest router that can do 
peering at an IXP has the same ability. Use it. Stop putting me and every one of your peers in danger because you are 
lazy.

I'm going to have to disagree here with Patrick, because this is security through obscurity, and that doesn't work well.

For some history about why people like Patrick take the position he did, read: 
http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

Exchange points got attacked, so people yanked them from the routing table hoping to prevent attacks.  If you're on 
this list it should take you all of about 3 seconds to realize the attackers could do a traceroute, and attack the IP 
one hop on the far side of the exchange for a few dozen providers and still cause all sorts of havoc, or do any of 
another half dozen things I won't mention to cause problems.  The effect would be nearly, if not perfectly identical, 
since that traffic still has to cross the exchange.

I'll point out the MTU step-down issue is real, and it's part of why we can't have 9K MTU exchanges be the default on 
the Internet, which would really make things better for a significant number of users.  I think Patrick is a bit quick 
to dismiss some of the potential issues.

Every link on every router is subject to attack.  Exchange point LANs really aren't special in that regard.  If 
anything the only thing that makes them slightly special is that they may in fact be more oversubscribed than most 
links.  Where a backbone might have a router with 20x10GE, so attackers could try and drive 190GE out a 10GE in theory; 
an exchange point may have 100 people with 20x10GE coming in.  An alternate view is that mega-exchange points are 
massively oversubscribed potential single points of failure, and perhaps network operators should consider that.  While 
a DDOS taking an exchange down for half a day is bad, imagine if there was a more sinister attack, taking out the 
physical infrastructure of an exchange.  That can't be "fixed" with a routing advertisement.

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
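As an added illustration of the next-hop-self practice the thread is arguing about (not part of Leo's or Patrick's mail, and not a configuration from either network), here is a Cisco IOS-style BGP fragment; the AS numbers, exchange LAN prefix and loopback addresses are constructed placeholders.

```ios
! Constructed example: this router peers on an exchange LAN (203.0.113.0/24,
! placeholder) and carries the routes it learns there to an iBGP neighbour
! reached via its loopback (192.0.2.2, placeholder).
router bgp 64496
 bgp log-neighbor-changes
 neighbor 203.0.113.10 remote-as 64497
 neighbor 203.0.113.10 description eBGP peer on the exchange LAN
 neighbor 192.0.2.2 remote-as 64496
 neighbor 192.0.2.2 description iBGP to core router
 neighbor 192.0.2.2 update-source Loopback0
 ! Rewrite NEXT_HOP on routes learned from the exchange before they are sent
 ! over iBGP, so internal routers resolve the next hop to this router's
 ! loopback rather than to an address on the exchange LAN.
 neighbor 192.0.2.2 next-hop-self
!
! Without next-hop-self the core router would need a route to 203.0.113.0/24
! (carried in the IGP or redistributed) before it could use any prefix learned
! at the exchange. With it, the exchange LAN prefix does not have to be carried
! internally or advertised onward; on the core router, "show ip bgp" then lists
! the exchange-learned prefixes with this router's loopback as the next hop.
```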