Filter on IXP
- Subject: Filter on IXP
- From: jerome at ceriz.fr (Jérôme Nicolle)
- Date: Fri, 28 Feb 2014 16:42:59 +0100
Hi Chris,
On 23/02/2014 01:43, Chris Laffin wrote:
> It would be really cool if peering exchanges could police ntp on their connected members.
Well, THIS looks like the worst idea ever. Wasting ASIC resources on
IXP's dataplanes is a wet-dream for anyone willing to kill the network.
IXP's neutrality is a key factor to maintain reasonable interconnection
density.
Instead, IXPs _could_ enforce BCP38 too. Mapping the route-server's
received routes to ingress _and_ egress ACLs on IXP ports would mitigate
the role of BCP38 offenders within member ports. It's almost like uRPF
in an intelligent and useable form.
A noticeable side-effect is that members would be encouraged to announce
their entire customer-cones to ensure egress traffic from a non-exchanged
prefix would not be dropped on the IX's port.
By the way, would anyone know how to generate OpenFlow messages to push
such filters to member ports? Would there be any smart way to do that on
non-OpenFlow enabled dataplanes (C6k...)?
Best regards,
--
Jérôme Nicolle
+33 6 19 31 27 14
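
The route-server-to-ACL mapping proposed in the message above, sketched as an added example that is not part of the original post. It assumes ingress rules match the source address and egress rules match the destination address against the member's own announcements; the port names, sample prefixes, rule tuple format and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (member port, prefix) pairs as a route server might hold
# them after receiving member announcements. Documentation prefixes only.
RS_ROUTES = [
    ("port1", "192.0.2.0/25"),
    ("port1", "192.0.2.128/25"),
    ("port1", "2001:db8:1::/48"),
    ("port2", "198.51.100.0/24"),
    ("port2", "203.0.113.0/24"),
]

def build_port_acls(routes):
    """Return {port: [ip_network, ...]}, merging adjacent or overlapping
    prefixes per address family to keep hardware ACL entries few."""
    per_port = defaultdict(lambda: {4: [], 6: []})
    for port, prefix in routes:
        net = ipaddress.ip_network(prefix, strict=True)
        per_port[port][net.version].append(net)
    return {
        port: [n for fam in (4, 6) for n in ipaddress.collapse_addresses(nets[fam])]
        for port, nets in per_port.items()
    }

def render_rules(acls):
    """Vendor-neutral rule tuples (hypothetical format):
    (port, direction, match field, prefix, action), ending in a default deny."""
    rules = []
    for port, nets in sorted(acls.items()):
        for net in nets:
            rules.append((port, "ingress", "src", str(net), "permit"))
            rules.append((port, "egress", "dst", str(net), "permit"))
        rules.append((port, "ingress", "src", "any", "deny"))
        rules.append((port, "egress", "dst", "any", "deny"))
    return rules

def ingress_permitted(acls, port, src):
    """True if a packet entering the fabric on `port` has an announced source."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == n.version and addr in n for n in acls.get(port, []))

if __name__ == "__main__":
    for rule in render_rules(build_port_acls(RS_ROUTES)):
        print(rule)
```

The rule list has to be regenerated whenever a member's announcements change, and a source inside a prefix the member never sent to the route server is dropped, which is the side-effect on customer cones the message describes.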