Hi,
On Fri, Dec 07, 2018 at 11:05:35AM +1300, Brian E Carpenter wrote:
> On 2018-12-06 22:13, Gert Doering wrote:
> > On Thu, Dec 06, 2018 at 01:48:29PM +1300, Brian E Carpenter wrote:
> >> And I don't think that is an oversight. The *definition* of "router"
> >> for IPv6 is "a node that forwards IPv6 packets not explicitly addressed
> >> to itself." No mention of filtering, classification, admission control,...
> >
> > This definition of a router is nice, but such a device will not be
> > useful in today's Internet.
>
> Are you saying that *every* router in a carrier network needs to
> perform filtering? I would have thought that this would be done
> where necessary, but intentionally avoided elsewhere, to reduce
> energy consumption and improve throughput. Anyway...
As of today, every border router connecting to other networks needs to
be able to do inbound rate-limiting by traffic class.
Networks interconnect with 10G to multiple 100G, and inbound DDoS
nicely utilizes these pipes. Customer connections and internal network
connections get filled, so you rate-limit the obvious crap ("inbound
large NTP packets with many Gbit/s") at your borders to protect the
customer links and the internal network infrastructure.
Inside the network, you could have "pure" forwarding devices that
do not need to inspect L4/EH for transit traffic - correct.
(We do observe hardware being developed around merchant silicon that
actually specializes more and more for the "P" role - fast, cheap,
and little support for anything but "forwarding")
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Attachment:
signature.asc
Description: PGP signature
