> On Dec 31, 2015, at 6:50 PM, Michael Richardson <mcr+ietf@xxxxxxxxxxxx> wrote:
>
> Jared Mauch <jared@xxxxxxxxxxxxxxx> wrote:
>> But for the small percentage of spoofed packets, the cost on the rest
>> is so high when we are often PPS limited on even the largest routers.
>> The 40-byte packet benchmark of
>> the late 90s isn’t seen today.
>
> Tragedy of the commons... the cost here is balanced by the root name server
> operators dealing with regular multi-Gb/s attacks.
>
> (The last one, which seems to have been the largest to date, it is unclear to
> me if it was with forged source address)
>
> http://www.root-servers.org/news/events-of-20151130.txt

Yup, not news to me (at least). We have a lot of DNS providers, including
root servers behind our network. It’s often cheaper to throw more servers
and bandwidth at the problem.

- Jared