North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Who does source address validation? (was Re: what's that smell?)

  • From: Valdis.Kletnieks
  • Date: Tue Oct 08 12:01:14 2002

On Tue, 08 Oct 2002 09:34:19 MDT, Danny McPherson <[email protected]>  said:

> > "ip verify unicast source reachable-via any"

> Of course, this is the IP RIB and may not include all the 
> potential paths in the BGP Adj-RIBs-In, right?  As such, 
> you've still got the potential for asymmetric routing to 
> break things.

"reachable-via any" means you're only going to drop the packet if you
don't have *ANY* route back to them.  I think that if you're in a situation
where you have asymmetric routing, and have a packet coming in on one path
that you theoretically COULD send to the destination, and the destination
has an alternate-path route back to the source, *but you don't have ANY route*,
then you're already in a "broken" state anyhow.
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

Attachment: pgp00015.pgp
Description: PGP signature