North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Important IPv6 Policy Issue -- Your Input Requested
On 2004-11-09-17:10:02, "Network.Security" <[email protected]> wrote: > We receive a disturbingly large amount of traffic sourced from the 1918 > space destined for our network coming from one of our normally > respectable Tier 1 ISP's (three letter acronym, starts with 'M', ends > with 'CI'). > > This is particularly irritating since we pay for burstable service; nice > that we are paying for illegitimate traffic to come down our pipes. > Their answer to this issue was: our routers can't handle the additional > load that filtering 1918 traffic would cause. > > That's odd, I didn't think routing to Null0 (or equivalent) was all that > taxing, I don't want an ACL, I want it gone [...] Null routes aren't going to stop packets with 1918 *sources* from entering your network, I'm afraid. This is where ACLs come into play. And it's quite conceivable, on a network of MCI's size, there are still peering and edge ports terminated by GSRs with engine 0 cards, or 7500s, or other hardware where bogon filtering and/or reverse-path validation really is a Big Deal(tm). -a (computing VJ's cell phone bill on the WRT54G as we speak)
|