North American Network Operators Group


RE: Effective ways to deal with DDoS attacks?

  • From: LeBlanc, Jason
  • Date: Thu May 02 14:34:52 2002

Wasn't trying to make you mad, just looking for clarity. =)

-----Original Message-----
From: Mark Turpin [mailto:[email protected]]
Sent: Thursday, May 02, 2002 11:25 AM
To: [email protected]
Subject: Re: Effective ways to deal with DDoS attacks?



On Thu, May 02, 2002 at 10:16:55AM -0700, LeBlanc, Jason wrote something like this:
> That's how we understood it to work (CEF lookup).  It checks for a route
> in the table, obviously any real route would be in the CEF table.  I may be
> wrong, but it doesn't actually send a packet to verify, the logical way to
> check would be by checking CEF, as anything the router knows about that is
> valid would be in CEF.  If I'm misunderstanding, please do send more info.

I think a typo on my part has led to misunderstanding even more.  However,
the thread's getting hot, so I'm about ready to part ways with it.

Regarding my statements, I was not inferring a packet be sent off to a host,
or anything of that nature.  What I'm referring to is a simple lookup [we now
agree by CEF] to verify that the interface a packet was received on was
actually the interface CEF would use to go back to the source of that packet.
(I forgot source last time)

If you can tweak rpf now to support multihoming, woohoo.
And yes, depending on where you implement rpf the routing table comes into play.
big woop.

Earlier LeBlanc, Jason wrote something like this:
> There are some limitations as to where uRPF works, SONET only on GSRs for
> example (thanks Cisco).  I believe it will work on 65xx (SUP1A and SUP2 I
> think) regardless of interface type.  Impact should be minimal, as it simply
> does a lookup in the CEF table, if the route isn't there it discards.

That's what prompted me to even reply in the first place was noticing the
fact you stated rpf only worked on pos interfaces on gsrs and that it did a
simple route lookup.  Both of which I disagree with.  I've already stated
what it's looking for in the fib, and it's *not* whether it's 'there or not'.

i'm over it, so have a good day...
-mark
-- 
   Why is it considered necessary to nail down the lid of a coffin?
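
The two checks argued over in this thread, "is there a route to the source" versus "did the packet arrive on the interface the FIB would use to reach its source", compared side by side in an added Python sketch. It is not from either poster and is not Cisco's implementation; the FIB entries, interface names, function names and packets are all constructed for illustration.

```python
import ipaddress

# Constructed FIB (prefix -> interface the router would use to reach it).
# Prefixes and interface names are illustrative; there is no default route.
FIB = {
    "192.0.2.0/24": "cust0",
    "198.51.100.0/24": "cust1",  # multihomed customer, best path via cust1
}

def fib_lookup(fib, addr):
    """Longest-prefix match; return the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), i) for p, i in fib.items()
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def route_exists_check(fib, src, in_iface):
    """'Is there a route to the source at all?' Receiving interface is ignored."""
    return fib_lookup(fib, src) is not None

def reverse_path_check(fib, src, in_iface):
    """'Did the packet arrive on the interface used to reach its source?'"""
    return fib_lookup(fib, src) == in_iface

# Constructed packets: (label, source address, receiving interface).
PACKETS = [
    ("legitimate", "192.0.2.10", "cust0"),
    ("spoofed, routed source", "192.0.2.10", "cust1"),
    ("spoofed, unrouted source", "203.0.113.9", "cust0"),
    ("multihomed, backup link", "198.51.100.5", "cust2"),
]

def evaluate(fib=FIB, packets=PACKETS):
    """Return {label: (route_exists verdict, reverse_path verdict)}."""
    return {label: (route_exists_check(fib, src, iface),
                    reverse_path_check(fib, src, iface))
            for label, src, iface in packets}

if __name__ == "__main__":
    for label, (exists, rpf) in evaluate().items():
        print(f"{label:26} route-exists={'pass' if exists else 'drop'} "
              f"reverse-path={'pass' if rpf else 'drop'}")
```

The last packet is the multihoming case raised in the thread: traffic from a valid source arriving on a link that is not the best return path fails the interface check even though a route to it exists.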