ietf
[Top] [All Lists]

Re: What to improve? BCP-38/SAC-004 anyone?

2015-12-31 18:20:28

On Dec 31, 2015, at 6:50 PM, Michael Richardson 
<mcr+ietf(_at_)sandelman(_dot_)ca> wrote:


Jared Mauch <jared(_at_)puck(_dot_)nether(_dot_)net> wrote:
But for the small percentage of spoofed packets, the cost on the rest
is so high when we are often PPS limited on even the largest routers.
The 40-byte packet benchmark of
the late 90s isn’t seen today.

Tragedy of the commons...  the cost here is balanced by the root name server
operators dealing with regular multi-Gb/s attacks.

(The last one, which seems to have been the largest to date, it is unclear to
me if it was with forged source address)

http://www.root-servers.org/news/events-of-20151130.txt

Yup, not news to me (at least).  We have a lot of DNS providers, including
root servers behind our network.  It’s often cheaper to throw more servers
and bandwidth at the problem.

- Jared