|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Who does source address validation? (was Re: what's that smell?)
[email protected] (Sean Donelan) writes: > If c.root-servers.net provider did this, they wouldn't see any RFC1918 > traffic because it would be dropped at their provider's border routers. Right. But then I wouldn't be able to measure it, which would be bad. > If c.root-servers.net provider's peer did this, again c.root-servers.net > provider wouldn't see the rfc1918 packets. This is the single case where not being able to measure/complain would be OK, because the problem wouldn't be "in the core", it would be (correctly) stopped at the source-AS. > So why doesn't c.root-servers.net provider or its peers implement this > "simple" solution? Its not a rhetorical question. If it was so simple, > I assume they would have done it already. C-root's provider is also C-root's owner, and they have offerred to shut this traffic off further upstream, as F-root's network operators were doing until yesterday, but I asked that it not be filtered anywhere except C-root itself (where I can measure it) or distant source-AS's (which is where it makes sense.) -- Paul Vixie
|