Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-filtering-03
joel jaeggli <joelja@bogus.com> Mon, 09 October 2017 16:24 UTC
Return-Path: <joelja@bogus.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B78B134692 for <opsec@ietfa.amsl.com>; Mon, 9 Oct 2017 09:24:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.001
X-Spam-Level:
X-Spam-Status: No, score=-5.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 453gwa-7kif5 for <opsec@ietfa.amsl.com>; Mon, 9 Oct 2017 09:24:45 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 613FB134691 for <opsec@ietf.org>; Mon, 9 Oct 2017 09:24:43 -0700 (PDT)
Received: from mbp-4.local ([IPv6:2620:11a:c081:20:d4ec:2179:256:3cdf]) (authenticated bits=0) by nagasaki.bogus.com (8.15.2/8.15.2) with ESMTPSA id v99GOPFP091527 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 9 Oct 2017 16:24:41 GMT (envelope-from joelja@bogus.com)
X-Authentication-Warning: nagasaki.bogus.com: Host [IPv6:2620:11a:c081:20:d4ec:2179:256:3cdf] claimed to be mbp-4.local
To: Ron Bonica <rbonica@juniper.net>, "C. M. Heard" <heard@pobox.com>, OPSEC <opsec@ietf.org>, Joe Touch <touch@strayalpha.com>, Bob Hinden <bob.hinden@gmail.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
References: <CACL_3VExxwN6z-WHbp3dcdLNV1JMVf=sgMVzh-k0shNJFeADbQ@mail.gmail.com> <BLUPR0501MB2051A8FFB1DAFDCA9873B9E6AE700@BLUPR0501MB2051.namprd05.prod.outlook.com> <4fc640bb-4b03-578c-1904-77628d002e73@bogus.com> <BLUPR0501MB2051E286639CF5D20CB880F4AE710@BLUPR0501MB2051.namprd05.prod.outlook.com>
From: joel jaeggli <joelja@bogus.com>
Message-ID: <5fcd0f63-444e-5d3b-ae94-4c7b4d5e0174@bogus.com>
Date: Mon, 09 Oct 2017 09:24:56 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <BLUPR0501MB2051E286639CF5D20CB880F4AE710@BLUPR0501MB2051.namprd05.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="fLAHeqcL68WrGXjhRsdBjFmuq8Jb8gqDW"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/ZJG7IDWNVs2y6bcMGvahbOmi3P0>
Subject: Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-filtering-03
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Oct 2017 16:24:48 -0000
On 10/6/17 11:15, Ron Bonica wrote: > Hi Joel, > > I was thinking about ISPs who are transit providers. So, the traffic actually belong to your customers' customers. Transitively that's your customers traffic. If Bob sells transit to Alice and I sell transit to Bob, Alice's traffic is Bob's traffic from my vantage point. As Bob's transit provider I accept Alice's routes; My route filter is constructed from Bob's AS set which includes Alice's AS, (1) Hypothetically If I have some kind of token bucket rate limiter on a port to protect Bob from NTP reflection attacks it affects Alice's traffic too. (1)- Example AS set (picking on Charter, sorry it comes after B), If I am a transit of Charter's I build the prefix filter from the route objects for each of the following ASNs which may well include Bob and Alice. J@mbp:Switch-Configs$whois -h whois.radb.net AS-CHTR-BB as-set: AS-CHTR-BB descr: Charter Communications and Charter Customers. members: AS157, AS1438, AS1646, AS1678, AS1710, AS1796, AS1944, AS2705, AS2711, AS2722, AS2834, AS2941, AS3136, AS3565, AS3599, AS3663, AS4150, AS4193, AS4307, AS4917, AS4986, AS5642, AS5683, AS5718, AS6112, AS6315, AS6428, AS7064, AS7213, AS7361, AS7381, AS7843, AS7938, AS7949, AS10326, AS10359, AS10747, AS11170, AS11191, AS11130, AS11194, AS11191, AS11206, AS11436, AS11582, AS11586, AS11621, AS11672, AS11687, AS11720, AS11741, AS11754, AS11925, AS11986, AS11999, AS12047, AS12152, AS13344, AS13525, AS13549, AS13558, AS13582, AS13650, AS13659, AS13701, AS13740, AS13823, AS13866, AS13933, AS13941, AS14043, AS14057, AS14100, AS14130, AS14159, AS14194, AS14274, AS14334, AS14374, AS14388, AS14389, AS14403, AS14409, AS14440, AS14474, AS14527, AS14599, AS14617, AS14758, AS14775, AS14787, AS14810, AS14871, AS14893, AS14940, AS15037, AS15085, AS15086, AS15108, AS15111, AS15117, AS15153, AS15156, AS15176, AS15304, AS16412, AS16424, AS16489, AS16495, AS16584, AS16615, AS16725, AS16745, AS16767, AS16787, AS16842, AS16865, AS17068, AS17122, AS17146, AS17164, AS17195, AS17277, AS18444, AS18578, AS18614, AS18651, AS18675, AS18733, AS18772, AS18793, AS18812, AS18823, AS18917, AS18930, AS19115, AS19153, AS19157, AS19211, AS19219, AS19444, AS19458, AS19643, AS19663, AS19718, AS19735, AS19872, AS19945, AS19967, AS20033, AS20115, AS20138, AS20164, AS20178, AS20239, AS20289, AS20379, AS20940, AS21527, AS21580, AS21657, AS21673, AS21689, AS21783, AS21802, AS21813, AS21896, AS21974, AS22040, AS22046, AS22189, AS22221, AS22223, AS22237, AS22269, AS22291, AS22319, AS22350, AS22379, AS22415, AS22809, AS22829, AS22837, AS22932, AS23083, AS23134, AS23210, AS23225, AS23260, AS23292, AS23301, AS25684, AS25773, AS25786, AS25789, AS25863, AS25879, AS25979, AS26082, AS26128, AS26135, AS26137, AS26174, AS26190, AS26261, AS26271, AS26296, AS26305, AS26345, AS26429, AS26453, AS26477, AS26554, AS26853, AS26781, AS27000, AS27193, AS27240, AS27261, AS27287, AS27360, AS27388, AS27419, AS27462, AS27505, AS27517, AS27556, AS27631, AS29300, AS29578, AS29710, AS29758, AS29850, AS30055, AS30089, AS30115, AS30150, AS30220, AS30242, AS30243, AS30264, AS30269, AS30320, AS30335, AS30376, AS30382, AS30591, AS30618, AS30660, AS30717, AS31761, AS31783, AS31862, AS31863, AS31937, AS31973, AS32010, AS32101, AS32104, AS32146, AS32149, AS32186, AS32212, AS32304, AS32368, AS32432, AS32442, AS32497, AS32511, AS32664, AS32672, AS32684, AS32755, AS32768, AS32824, AS32879, AS32933, AS33093, AS33112, AS33114, AS33286, AS33299, AS33347, AS33391, AS33413, AS33418, AS33468, AS33497, AS33583, AS33596, AS33636, AS53643, AS33672, AS33753, AS35874, AS35963, AS35988, AS36094, AS36101, AS36167, AS36264, AS36285, AS36402, AS36526, AS36827, AS40100, AS40142, AS40164, AS40189, AS40200, AS40238, AS40285, AS40324, AS40372, AS40386, AS40423, AS40433, AS40458, AS40534, AS40554, AS40779, AS40772, AS40790, AS40805, AS40825, AS40836, AS40878, AS41264, AS46081, AS46119, AS46197, AS46262, AS46268, AS46297, AS46338, AS46348, AS46417, AS46419, AS46464, AS46479, AS46496, AS46505, AS46568, AS46594, AS46604, AS46638, AS46645, AS46676, AS46688, AS46709, AS46745, AS46760, AS46774, AS46778, AS46796, AS46805, AS46825, AS46830, AS46924, AS46925, AS46927, AS46966, AS47015, AS47018, AS47038, AS47086, AS47583, AS50365, AS53286, AS54638, AS53311, AS53360, AS53515, AS53462, AS53567, AS53586, AS53597, AS53663, AS53674, AS53695, AS53697, AS53716, AS53729, AS53738, AS53934, AS53972, AS54047, AS54052, AS54068, AS54105, AS54155, AS54223, AS54352, AS54376, AS54389, AS54445, AS54456, AS54704, AS54709, AS54755, AS54771, AS54809, AS54814, AS54839, AS54855, AS54869, AS54966, AS53674, AS55024, AS55042, AS55280, AS55228, AS57972, AS62496, AS62509, AS62561, AS62625, AS62632, AS62691, AS62798, AS62882, AS63016, AS63050, AS63198, AS63354, AS64243, AS63267, AS65001, AS393279, AS393386, AS393491, AS393483, AS393550, AS393582, AS393960, AS393621, AS393657, AS393696, AS393723, AS393782, AS393878, AS393897, AS393983, AS393999, AS394046, AS394112, AS394286, AS394316, AS394398, AS394443, AS394702, AS394764, AS394795, AS394908, AS394960, AS395137, AS395143, AS395175, AS395220, AS395227, AS395251, AS395277, AS395324, AS395393, AS395498, AS395640, AS395643, AS396145, AS396208 admin-c: NSOC Tiered Support remarks: Added AS54966 - Halbert Hargrove notify: dlnocip@chartercom.com notify: DLDNTNBB@charter.com mnt-by: MAINT-CHTR-WD changed: jugraj.singh@charter.com 20170918 #20:43:12Z source: RADB >> Traffic on a isp either the isp's traffic or a customers (customer is transitive, a >> customer of a customer is customer traffic). traffic which neither to a >> customer or the isp is party to unwanted, whether it's there due to malice or >> intention. >> >> what services one offers to a customer seems entirely like a contractual >> detail. >> >> strictly speaking the destination of a packet may not be the destination >> address in the ip header as when the TTL is lowered or when hop by hop >> options are employed. >> >
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Brian E Carpenter
- [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-filteri… Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Joe Touch
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Ron Bonica
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Bob Hinden
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Brian E Carpenter
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… C. M. Heard
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Tim Chown
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Ron Bonica
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… Ron Bonica
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… Joe Touch
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… Brian E Carpenter
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… C. M. Heard
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… joel jaeggli
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… Ron Bonica
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… joel jaeggli
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Fernando Gont
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… Fernando Gont
- Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-fil… Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Brian E Carpenter
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Fernando Gont
- Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-ipv… Brian E Carpenter
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… C. M. Heard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Nick Hilliard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… C. M. Heard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Brian E Carpenter
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Nick Hilliard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… C. M. Heard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Nick Hilliard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Fernando Gont
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… C. M. Heard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Bob Hinden
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Nick Hilliard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… C. M. Heard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Fernando Gont
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Ole Troan
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Nick Hilliard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… Fernando Gont
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… C. M. Heard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… C. M. Heard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… C. M. Heard
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-eh-… C. M. Heard