Re: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding



Roland Dobbins wrote:
> 
>> Further in the thread, people have stated that most of these
>> techniques have already been deployed in many large provider networks.
>> Could you please name a couple?
> 
> <http://www.nanog.org/mtg-0405/mcdowell.html>

We deployed a large batch of infrastructure hiding/protection "features"
in late 02/early 03 ({i,r,t}ACLs, MPLS core hiding, QoS enforcement,
DoS protection, etc) on our IP/MPLS backbone.

No issues (except a customer in FR if I remember correctly who had,
for God knows which reason, a couple of IPs coming from backbone space).

All these "features" are still deployed and others have been added in
the meantime (CoPP, BGP TCP md5, uRPF, etc).

Some technical details in various presos, mainly in the SwiNOG-7
one: http://www.securite.org/presentations/secip/
and in these: http://www.securite.org/presentations/ngn/

The draft is on my "TO-READ" list for the next longer flight :)

Nico.
-- 
Nicolas FISCHBACH
Senior Manager - Network Engineering/Security - COLT Telecom
e:(nico@securite.org) w:<http://www.securite.org/nico/>