North American Network Operators Group

RE: NSPs filter?
On Mon, 5 Aug 2002, Barry Raveendran Greene wrote:

> But, what if you could "strict mode" packet filter on the ISP-ISP side? Let's
> say there was a dynamic uRPF filter that checked the source addresses
> against the eBGP routes coming into a link. In other words, if the source
> address from an ISP does not match the eBGP prefixes coming across from the
> peer, the packet would drop. So if some /8 prefixes are filtered on the eBGP
> side, they would get dropped on the ISP-ISP peering interface. For example,
> if I only send routes from AS X, then any packet whose source address is
> outside of AS X (say from AS Y) would not pass the uRPF check - resulting in
> a drop. Since this is based on the dynamics of the eBGP prefixes coming
> across the peering session, it would allow a "strict mode like" uRPF packet
> filtering on the ISP-ISP edge (with all the asymmetry found on the ISP-ISP
> edge).

How would this work for BGP Conditional Advertisement as per page 118 of
"Cisco ISP Essentials?" :-)

Hank

>
> The question is whether this is something people would want as an option. A
> uRPF mode that would enforce a peering agreement with dynamic packet
> filtering (dynamic is based on the eBGP advertisements that get through the
> peering filter).
>
> Barry
>
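Added example, not part of either poster's message: a minimal Python model of the check described in the quoted text, where the source prefixes permitted on a peering interface follow the eBGP prefixes accepted from that peer. The class name, the inbound deny list and all prefixes are constructed for illustration; the withdrawal case shows that a prefix the peer stops advertising on the session also stops passing the check.

```python
import ipaddress


class PeerSourceFilter:
    """Hypothetical per-peering-interface source check driven by eBGP state."""

    def __init__(self, inbound_deny=()):
        # Prefixes our inbound eBGP policy refuses from this peer (assumed policy).
        self.inbound_deny = [ipaddress.ip_network(p) for p in inbound_deny]
        self.accepted = set()  # prefixes that got through the peering filter

    def _denied(self, net):
        return any(net.version == d.version and net.subnet_of(d)
                   for d in self.inbound_deny)

    def announce(self, prefix):
        """Process an eBGP announcement; only accepted prefixes open the filter."""
        net = ipaddress.ip_network(prefix)
        if self._denied(net):
            return False
        self.accepted.add(net)
        return True

    def withdraw(self, prefix):
        """Process an eBGP withdrawal; the packet filter tightens with it."""
        self.accepted.discard(ipaddress.ip_network(prefix))

    def permits(self, src):
        """True if a packet with this source may enter on the peering link."""
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.accepted)


def demo():
    # Constructed scenario: the peer (AS X) announces two /24s and a /8 we filter.
    f = PeerSourceFilter(inbound_deny=["10.0.0.0/8"])
    for p in ["192.0.2.0/24", "198.51.100.0/24", "10.0.0.0/8"]:
        f.announce(p)
    results = {
        "from_advertised": f.permits("192.0.2.10"),    # source inside AS X routes
        "from_other_as": f.permits("203.0.113.5"),     # source never announced here
        "from_filtered_slash8": f.permits("10.1.2.3"), # announced, but filtered
    }
    f.withdraw("198.51.100.0/24")
    results["after_withdraw"] = f.permits("198.51.100.7")
    return results


if __name__ == "__main__":
    print(demo())
```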