North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Who does source address validation? (was Re: what's that smell?)
On Tue, 8 Oct 2002, Jared Mauch wrote: > install this on all your internal, upstream, downstream > interfaces (cisco router) [cef required]: > > "ip verify unicast source reachable-via any" > > This will drop all packets on the interface that do not > have a way to return them in your routing table. Once again, which providers do this? If c.root-servers.net provider did this, they wouldn't see any RFC1918 traffic because it would be dropped at their provider's border routers. If c.root-servers.net provider's peer did this, again c.root-servers.net provider wouldn't see the rfc1918 packets. So why doesn't c.root-servers.net provider or its peers implement this "simple" solution? Its not a rhetorical question. If it was so simple, I assume they would have done it already. PSI wrote one of the original peering agreements that almost everyone else copied. If it was a concern, I imagine PSI could have included the requirement, most of their peers would have signed it 10 years ago. But they didn't. Does AT&T? Yes Does UUNET? ? Does Cable & Wireless? ? Does Level 3? ? Does Qwest? ? Does Genuity? ? Does Sprint? ?
|