Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Fri, Dec 07, 2018 at 11:05:35AM +1300, Brian E Carpenter wrote:
> On 2018-12-06 22:13, Gert Doering wrote:
> > On Thu, Dec 06, 2018 at 01:48:29PM +1300, Brian E Carpenter wrote:
> >> And I don't think that is an oversight. The *definition* of "router"
> >> for IPv6 is "a node that forwards IPv6 packets not explicitly addressed
> >> to itself." No mention of filtering, classification, admission control,...
> > 
> > This definition of a router is nice, but such a device will not be 
> > useful in today's Internet.
> 
> Are you saying that *every* router in a carrier network needs to
> perform filtering? I would have thought that this would be done
> where necessary, but intentionally avoided elsewhere, to reduce
> energy consumption and improve throughput. Anyway...

As of today, every border router connecting to other networks needs to
be able to do inbound rate-limiting by traffic class.

Networks interconnect with 10G to multiple 100G, and inbound DDoS 
nicely utilizes these pipes.  Customer connections and internal network
connections get filled, so you rate-limit the obvious crap ("inbound
large NTP packets with many Gbit/s") at your borders to protect the 
customer links and the internal network infrastructure.

Inside the network, you could have "pure" forwarding devices that
do not need to inspect L4/EH for transit traffic - correct.

(We do observe hardware being developed around merchant silicon that
actually specializes more and more for the "P" role - fast, cheap,
and little support for anything but "forwarding")

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux