Re: BCP38 dismissal

• From: Greg Hankins
• Date: Thu Sep 04 14:13:05 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

On Thu, Sep 04, 2008 at 01:14:20PM -0400, Paul Wall wrote:
>On Thu, Sep 4, 2008 at 12:45 PM, Jo Rhett <[email protected]> wrote:
>> I'm sorry, but nonsense statements such as these burn the blood.  Sure, yes,
>> protecting yourself is so much more important than protecting anyone else.
>>
>> Anyone else want to stand up and join the "I am an asshole" club?
>
>uRPF is important.  But all the uRPF in the world won't protect you
>against a little tcp/{22,23,179} SYN aimed at your Force 10 box.
>
>Ya know what I mean?

Hey Paul, would you be able to demonstrate this problem?  I'd like to see
it so that we can investigate and fix it.

You are correct that the first generation of E-Series hardware (EtherScale)
had little control plane protection.

The current E-Series hardware (TeraScale) has a completely different
architecture that rate limits, queues and filters all packets destined to
the control plane.

Greg*

(* I am currently employed by Force10.)

-- 
Greg Hankins <[email protected]>

• Follow-Ups:
  • Re: BCP38 dismissal Paul Wall

• References:
  • Re: Force10 Gear - Opinions Jo Rhett
  • Re: Force10 Gear - Opinions Paul Wall
  • RE: Force10 Gear - Opinions James Jun
  • BCP38 dismissal Jo Rhett
  • Re: BCP38 dismissal Paul Wall

• Prev by Date: Re: BCP38 dismissal
• Next by Date: Re: ingress SMTP
• Date Index
• Thread Index
• Author Index
• Historical