Peace,
On Sun, Aug 8, 2021, 5:20 AM Tom Herbert <tom@xxxxxxxxxxxxxxx> wrote:
I don't see DDOS mentioned in this thread.
You might have some serious procmail configuration...
Check out the archives: https://mailarchive.ietf.org/arch/browse/ietf/
If the concern is that an
attacker could DDOS an individual address then I'd point out that all
unicast addresses are susceptible to that anyway.
Exactly my point.
Using anycast as a
mitigation to DDoS doesn't seem like a great idea considering the
problems being discussed here.
It's quite the opposite: using anycast to mitigate DDoS is the only proper way to do it, because, basically, DDoS traffic, generated in thousands of locations on the globe, cannot be handled when accumulated in one place.
Either you have multiple traffic termination points on the net (a.k.a. anycast), each as close to some traffic generation point as possible, or you'll end up having capacity overload around your last mile. This is the equation fundamental to the Internet, while the implementation issues discussed here are hardly more than just typical software engineering tasks.
--
Töma