Re: [v6ops] Fwd: New Version Notification for draft-wkumari-long-headers-01.txt
joel jaeggli <joelja@bogus.com> Fri, 05 July 2013 19:16 UTC
Return-Path: <joelja@bogus.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D09D21F9CF7 for <v6ops@ietfa.amsl.com>; Fri, 5 Jul 2013 12:16:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.038
X-Spam-Level:
X-Spam-Status: No, score=-102.038 tagged_above=-999 required=5 tests=[AWL=-0.039, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bT2HCbX6TOlZ for <v6ops@ietfa.amsl.com>; Fri, 5 Jul 2013 12:16:46 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id 9EEA721F9CAD for <v6ops@ietf.org>; Fri, 5 Jul 2013 12:16:46 -0700 (PDT)
Received: from joels-MacBook-Air.local (c-71-193-176-225.hsd1.wa.comcast.net [71.193.176.225]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id r65JGHLG001538 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT); Fri, 5 Jul 2013 19:16:18 GMT (envelope-from joelja@bogus.com)
Message-ID: <51D71B7C.7090501@bogus.com>
Date: Fri, 05 Jul 2013 12:16:12 -0700
From: joel jaeggli <joelja@bogus.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Thunderbird/22.0
MIME-Version: 1.0
To: Ray Hunter <v6ops@globis.net>, Gert Doering <gert@space.net>
References: <20130703235521.17726.15468.idtracker@ietfa.amsl.com> <0BDA30D8-AEDC-4E18-8ACE-64A032305F07@kumari.net> <1372897534.35448.YahooMailNeo@web2802.biz.mail.ne1.yahoo.com> <CAD6AjGSGeNHPUs9+F6OOAeDOy_FZpTOGkH6viX_fENca4H8X0g@mail.gmail.com> <1372899240.80312.YahooMailNeo@web2803.biz.mail.ne1.yahoo.com> <51D614F6.4030000@isi.edu> <20130705124651.GP2706@Space.Net> <51D6C601.70003@globis.net> <51D6CC01.4070600@isi.edu> <51D6D4D4.5000704@globis.net> <20130705141735.GT2706@Space.Net> <51D6D6FB.2090401@globis.net>
In-Reply-To: <51D6D6FB.2090401@globis.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Fri, 05 Jul 2013 19:16:18 +0000 (UTC)
Cc: IPv6 Ops WG <v6ops@ietf.org>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-wkumari-long-headers-01.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jul 2013 19:16:47 -0000
On 7/5/13 7:23 AM, Ray Hunter wrote: >> Gert Doering <mailto:gert@space.net> >> 5 July 2013 16:17 >> Hi, >> >> On Fri, Jul 05, 2013 at 04:14:44PM +0200, Ray Hunter wrote: >>> Exactly. And the requirement from Geert and Steinar was for protecting >>> control plane traffic AFAICS. >> Well, actually we need both... >> >>> So what is the requirement to process L4 headers offorwarded traffic at >>> 10 gbps in backbone routers? >> ... "drop this UDP/53 flood at the most external borders we can to stop >> it from overloading internal links". > No disrespect, but by the time you've detected the attack and put in the > appropriate L4 filtering config, haven't the attackers long gone? The attempt at disruption lasts until the party achieves their goal, or gives up. > Doesn't this sort of DoS defence need to be auto-detecting, and > auto-responding, like fair queueing? Given a detection and mitigation platform you can identify and then install and remove acls accordingly http://tools.ietf.org/html/rfc5575 http://tools.ietf.org/html/draft-ietf-idr-flow-spec-v6-03 of course that requires that you be able to find the header you're trying to match on. actual deployment of flowspec in the field isn't for everyone, and it has a lot of warts in implementations. but it's there. > Or in the old days, simply reducing the link speed to untrusted peers? >> Gert Doering >> -- NetMaster >> > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops >
- [v6ops] Fwd: New Version Notification for draft-w… Warren Kumari
- Re: [v6ops] Fwd: New Version Notification for dra… Bill Jouris
- Re: [v6ops] Fwd: New Version Notification for dra… cb.list6
- Re: [v6ops] Fwd: New Version Notification for dra… cb.list6
- Re: [v6ops] Fwd: New Version Notification for dra… Bill Jouris
- Re: [v6ops] Fwd: New Version Notification for dra… Ted Lemon
- Re: [v6ops] New Version Notification for draft-wk… Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Brian E Carpenter
- Re: [v6ops] Fwd: New Version Notification for dra… Gert Doering
- Re: [v6ops] Fwd: New Version Notification for dra… Mark Andrews
- Re: [v6ops] Fwd: New Version Notification for dra… Bill Jouris
- Re: [v6ops] Fwd: New Version Notification for dra… joel jaeggli
- Re: [v6ops] Fwd: New Version Notification for dra… joel jaeggli
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… sthaug
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Gert Doering
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Gert Doering
- Re: [v6ops] Fwd: New Version Notification for dra… Ray Hunter
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Gert Doering
- Re: [v6ops] Fwd: New Version Notification for dra… Gert Doering
- Re: [v6ops] Fwd: New Version Notification for dra… cb.list6
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Ivan Pepelnjak
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Nalini Elkins
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Ray Hunter
- Re: [v6ops] Fwd: New Version Notification for dra… Gert Doering
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Ray Hunter
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… sthaug
- Re: [v6ops] Fwd: New Version Notification for dra… Gert Doering
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Joe Touch
- Re: [v6ops] New Version Notification for draft-wk… Michael H Lambert
- Re: [v6ops] New Version Notification for draft-wk… Joe Touch
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… joel jaeggli
- Re: [v6ops] Fwd: New Version Notification for dra… joel jaeggli
- Re: [v6ops] Fwd: New Version Notification for dra… Brian E Carpenter