Hi, On Fri, Dec 07, 2018 at 11:05:35AM +1300, Brian E Carpenter wrote: > On 2018-12-06 22:13, Gert Doering wrote: > > On Thu, Dec 06, 2018 at 01:48:29PM +1300, Brian E Carpenter wrote: > >> And I don't think that is an oversight. The *definition* of "router" > >> for IPv6 is "a node that forwards IPv6 packets not explicitly addressed > >> to itself." No mention of filtering, classification, admission control,... > > > > This definition of a router is nice, but such a device will not be > > useful in today's Internet. > > Are you saying that *every* router in a carrier network needs to > perform filtering? I would have thought that this would be done > where necessary, but intentionally avoided elsewhere, to reduce > energy consumption and improve throughput. Anyway... As of today, every border router connecting to other networks needs to be able to do inbound rate-limiting by traffic class. Networks interconnect with 10G to multiple 100G, and inbound DDoS nicely utilizes these pipes. Customer connections and internal network connections get filled, so you rate-limit the obvious crap ("inbound large NTP packets with many Gbit/s") at your borders to protect the customer links and the internal network infrastructure. Inside the network, you could have "pure" forwarding devices that do not need to inspect L4/EH for transit traffic - correct. (We do observe hardware being developed around merchant silicon that actually specializes more and more for the "P" role - fast, cheap, and little support for anything but "forwarding") Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Attachment:
signature.asc
Description: PGP signature