Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?

David Farmer <farmer@umn.edu> Sun, 08 August 2021 19:03 UTC

From: David Farmer <farmer@umn.edu>
Date: Sun, 08 Aug 2021 14:03:37 -0500
Message-ID: <CAN-Dau3+e=g-ujo30hKidXfbD0EJZ8-Y8iz7pu+ez3Yakmgzvw@mail.gmail.com>
Subject: Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?
To: Töma Gavrichenkov <ximaera@gmail.com>
Cc: 6man WG <ipv6@ietf.org>, IETF discussion list <ietf@ietf.org>, Tom Herbert <tom@herbertland.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/i8vikjlTNlHvQqCur7LeXf3Q3bE>

On Sun, Aug 8, 2021 at 02:27 Töma Gavrichenkov <ximaera@gmail.com> wrote:

> Peace,
>
> On Sun, Aug 8, 2021, 5:20 AM Tom Herbert <tom@herbertland.com> wrote:
>
>> Using anycast as a
>> mitigation to DDoS doesn't seem like a great idea considering the
>> problems being discussed here.
>>
>
> It's quite the opposite: using anycast to mitigate DDoS is the only proper
> way to do it, because, basically, DDoS traffic, generated in thousands of
> locations on the globe, cannot be handled when accumulated in one place.
>
> Either you have multiple traffic termination points on the net (a.k.a.
> anycast), each as close to some traffic generation point as possible, or
> you'll end up having capacity overload around your last mile.  This is the
> equation fundamental to the Internet, while the implementation issues
> discussed here are hardly more than just typical software engineering tasks.
>

Anycast is only one of several mitigation strategies for DDoS. Yes, it is a
good one for web-type services; it might even be the best for that type of
service, especially against large volumetric attacks. However, there are
many other types of attacks to protect against and services that need
protection, and anycast is a lousy mitigation strategy for many of them,
especially for client networks or peer-to-peer services.

While I agree with you that anycast is an important capability in the Internet
architecture, it nevertheless has many limitations and is not the panacea
you claim it to be, even for DDoS.

Furthermore, I’m not sure what you or the original reporter of this problem
expect the IETF to do to fix the problem that was reported. I’ll remind you
of the well-worn trope, “the IETF is not the protocol police.” Any fix to
the problem reported is squarely in the hands of Linux developers, not the IETF.

Thanks.

--
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================