Re: [v6ops] Fwd: New Version Notification for draft-wkumari-long-headers-01.txt

Ray Hunter <v6ops@globis.net> Fri, 05 July 2013 14:24 UTC

> Gert Doering <mailto:gert@space.net>
> 5 July 2013 16:17
> Hi,
>
> On Fri, Jul 05, 2013 at 04:14:44PM +0200, Ray Hunter wrote:
>> Exactly. And the requirement from Gert and Steinar was for protecting
>> control plane traffic AFAICS.
>
> Well, actually we need both...
>
>> So what is the requirement to process L4 headers of forwarded traffic at
>> 10 gbps in backbone routers?
>
> ... "drop this UDP/53 flood at the most external borders we can to stop
> it from overloading internal links".

No disrespect, but by the time you've detected the attack and put in the
appropriate L4 filtering config, haven't the attackers long gone?

Doesn't this sort of DoS defence need to be auto-detecting, and
auto-responding, like fair queueing?

Or in the old days, simply reducing the link speed to untrusted peers?

> Gert Doering
>         -- NetMaster
>