25 Apr
2014
25 Apr
'14
1:25 p.m.
John,
Working for a governmental ISP, the fact is that traffic, regardless if it's noise or
legitimate (which can only be determined by Deep Packet Inspection), can only be stopped
at the border. Once stopped at the border, you still have incurred the inbound bandwidth
costs.
Those running IPENCAP tunnels deal with this today, traffic destined to our subnets still
reaches our gateways, and the bandwidth has been spent. This is regardless of a firewall
to prevent traffic from entering the subnet, or a Destination Unreachable returned. That
cannot be changed, as 44/8 are public IP addresses. Traffic must be at your border,
that's the point of routing.
-KB3VWG