|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: I didn't make it up to the microphone quick enough...
On Tue, Jun 09, 1998 at 10:16:10AM -0400, Alex Rubenstein wrote: > I have a question about the ip reverse-path verification. Obviously, it ip verify unicast reverse-path :) > won't work very well in asymetric multi-homed environment. But, the Not on the core edges, but on customer edges it works well. The only problems we have are related to customers that have another provider and don't send us all their netblocks because of statics, etc.. (which can be easily fixed naturally). > usefullness could be there (even limitedly) if you could at least filter > packets that have source address which does not exist in the routing table > _at all_ (irregardless of ingress or egress interface). This would be useful in a default-free network, but I'd be concerned with them deploying this in the lower end boxes that aren't default-free. It's hard to determine what is something to drop or not. What would be nice is a "ip drop private-blocks" or somesuch, but because many people build vpns, etc... with the lower end boxes also, as a vendor i'd be too concerned about that. - Jared
|