Re: Minutes / Notes
On Sunday, Jul 20, 2003, at 17:41 Europe/Amsterdam, Marcelo Bagnulo wrote:

For the source endpoint information, I am not sure.
I think that carrying the source identifier would make more sense, since it
identifies the other end of the communication. This would also allow one to
configure filters depending on the source identifier, making things like
renumbering easier. The first problem that I find with this option is that
you cannot send error messages back to the source (since there is no locator
of the source) when there is a problem, and additional mechanisms are needed
to perform reverse mapping in this situation.
Having the source identifier rather than a source locator in packets
might be useful. It certainly makes "big" easier to implement. I don't
think sending back ICMP messages would be a huge obstacle in practice:
a box somewhere in the ISP network can source an aggregate route for
the whole identifier space and replace the identifier in the
destination address with an appropriate locator.
The ingress filtering issue is a bigger issue. But I think this
approach may actually strengthen anti-DoS measures rather than weaken
them, as we're in the position to mandate mechanisms for tracking and
controlling source addresses for the new identifier space from the
start. For instance, we could have the mapping between an organization
and its identifier address space be cryptographically signed by the
registry. Then whenever abuse is suspected (for instance, because of
high traffic volumes or complaints) it is possible to send a challenge
to the source as indicated by the identifier, who can then either
acknowledge that the traffic is theirs (and use a signature to prove
this) or deny it so the traffic can be filtered. It should even be
possible for the acknowledgement to contain information about allowed
traffic types and rates so illegitimate use of network resources by the
legitimate holder of an address can be automatically detected and
stopped. The challenge/response with signature thing can also be used
to automatically adjust ingress filtering at the ISP side.
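The challenge/response exchange sketched in the message above, worked through as an added example (this is not code from the thread or from any multi6 proposal; the message formats, the Ed25519 signatures, the JSON encoding, the "2001:db8:1::/48" prefix, the org name and the rate field are all assumptions made for illustration). A registry signs a binding of an organisation to its identifier prefix and to the key the organisation will answer challenges with. When an ISP suspects abuse of an identifier, it sends a nonce-bearing challenge; the holder signs an acknowledgement (optionally with a rate cap) or a denial; the ISP verifies the registry's signature, that the identifier is inside the bound prefix, the holder's signature, and that the nonce matches the outstanding challenge before deciding to allow, rate-limit or filter. Any verification failure is treated as abuse, so a forged or replayed response cannot keep traffic flowing.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"net"
)

// Binding is the registry-signed mapping between an organisation and its
// identifier space, plus the key the holder will use to answer challenges.
type Binding struct {
	Org    string `json:"org"`
	Prefix string `json:"prefix"` // identifier prefix in CIDR notation (assumed format)
	PubKey []byte `json:"pubkey"` // holder's Ed25519 verification key
}

type SignedBinding struct {
	Binding Binding
	Sig     []byte // registry's signature over the JSON form of Binding
}

// Challenge is what the ISP sends when abuse is suspected for an identifier.
type Challenge struct {
	Nonce        []byte `json:"nonce"`
	Identifier   string `json:"id"` // source identifier seen in the suspect traffic
	ObservedKbps int    `json:"kbps"`
}

// Response is the holder's answer: acknowledge (optionally with a cap) or deny.
type Response struct {
	Nonce      []byte `json:"nonce"`
	Identifier string `json:"id"`
	Owned      bool   `json:"owned"`
	MaxKbps    int    `json:"max_kbps"` // 0 means no cap stated
}

type SignedResponse struct {
	Response Response
	Sig      []byte // holder's signature over the JSON form of Response
}

func mustJSON(v any) []byte {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return b
}

// RegistrySign: the registry vouches for org -> prefix -> holder key.
func RegistrySign(registryPriv ed25519.PrivateKey, b Binding) SignedBinding {
	return SignedBinding{Binding: b, Sig: ed25519.Sign(registryPriv, mustJSON(b))}
}

// Answer: the holder signs its verdict on the challenged traffic, echoing the nonce.
func Answer(holderPriv ed25519.PrivateKey, c Challenge, owned bool, maxKbps int) SignedResponse {
	r := Response{Nonce: c.Nonce, Identifier: c.Identifier, Owned: owned, MaxKbps: maxKbps}
	return SignedResponse{Response: r, Sig: ed25519.Sign(holderPriv, mustJSON(r))}
}

type Verdict string

const (
	Filter    Verdict = "filter"     // drop traffic carrying this identifier
	Allow     Verdict = "allow"      // holder acknowledged, within stated rate
	RateLimit Verdict = "rate-limit" // holder acknowledged but traffic exceeds its stated cap
)

// Decide is the ISP side of the exchange. Every check that fails yields Filter.
func Decide(registryPub ed25519.PublicKey, sb SignedBinding, c Challenge, sr SignedResponse) (Verdict, error) {
	if !ed25519.Verify(registryPub, mustJSON(sb.Binding), sb.Sig) {
		return Filter, errors.New("binding not signed by registry")
	}
	_, prefix, err := net.ParseCIDR(sb.Binding.Prefix)
	if err != nil {
		return Filter, err
	}
	if id := net.ParseIP(c.Identifier); id == nil || !prefix.Contains(id) {
		return Filter, fmt.Errorf("identifier %s not in bound prefix %s", c.Identifier, prefix)
	}
	if len(sb.Binding.PubKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(sb.Binding.PubKey), mustJSON(sr.Response), sr.Sig) {
		return Filter, errors.New("response not signed by the key bound to this prefix")
	}
	r := sr.Response
	if !bytes.Equal(r.Nonce, c.Nonce) || r.Identifier != c.Identifier {
		return Filter, errors.New("response does not match the outstanding challenge (replay?)")
	}
	if !r.Owned {
		return Filter, nil // holder denies the traffic: filter it
	}
	if r.MaxKbps > 0 && c.ObservedKbps > r.MaxKbps {
		return RateLimit, nil
	}
	return Allow, nil
}

func newNonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// ScenarioResult holds the ISP's verdicts for the constructed cases below.
type ScenarioResult struct{ Acked, Capped, Disowned, Forged, Replayed Verdict }

// Scenario runs the exchange end to end with freshly generated keys and
// constructed messages: an acknowledged flow, one over the holder's stated cap,
// a disowned flow, a response signed with an attacker's key, and a replay.
func Scenario() (ScenarioResult, error) {
	var res ScenarioResult
	regPub, regPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return res, err
	}
	orgPub, orgPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return res, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return res, err
	}
	// Constructed binding; org name and prefix are illustrative assumptions.
	sb := RegistrySign(regPriv, Binding{Org: "example-org", Prefix: "2001:db8:1::/48", PubKey: orgPub})
	c := Challenge{Nonce: newNonce(), Identifier: "2001:db8:1::10", ObservedKbps: 5000}
	res.Acked, _ = Decide(regPub, sb, c, Answer(orgPriv, c, true, 10000))
	res.Capped, _ = Decide(regPub, sb, c, Answer(orgPriv, c, true, 1000))
	res.Disowned, _ = Decide(regPub, sb, c, Answer(orgPriv, c, false, 0))
	res.Forged, _ = Decide(regPub, sb, c, Answer(attackerPriv, c, true, 0))
	old := Answer(orgPriv, c, true, 0) // valid answer to the first challenge...
	c2 := Challenge{Nonce: newNonce(), Identifier: c.Identifier, ObservedKbps: 9000}
	res.Replayed, _ = Decide(regPub, sb, c2, old) // ...replayed against a fresh one
	return res, nil
}

func main() {
	res, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", res)
}
```

The nonce is what ties a signed acknowledgement to one specific challenge; without it an attacker who once captured a genuine "this is mine" answer could replay it to keep ingress filters open. Verifying the registry signature before the holder signature matters too: the holder's key is only trusted because the registry bound it to the prefix.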