Hi.
The main aim of the experiment was to consider ways that Citylink connected organisations with BGP capable routers but without AS numbers might exchange routing data, so that they can send data directly between each other, without having to go through one (or several) ISP routers.
Don't ICMP redirects handle this just fine? There are legitimate security reasons for disabling these, but has anyone actually disabled them, or asked clients to disable them? I've never really had the feeling that anyone was very concerned about security on Citylink (i could be wrong) anyway. If we have ICMP redirects do we actually need BGP between anyone except ISPs and other multiply connected organisations? Can't we use layer 3 ethernet switches (and possibly monitoring) to greatly improve security in general, lessen the risks with responding to ICMP redirects, and thus address this issue much more easily? -Craig --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog