Re: no ip forged-source-address

• From: [email protected]
• Date: Wed Oct 30 11:23:25 2002

On Wed, 30 Oct 2002, Daniel Senie wrote:

> BCP 38 is quite explicit in the need for all networks to do their part. The 
> document is quite effective provided there's cooperation.

Doesn't seem to be working.
 
> Which interface would you filter on? 

Customer ingress ports on the ISP side, which I suspect are the majority
of ports in ISP networks.  Hopefully engineers on the backbone will be
clueful enough to turn it off.

> If we're talking about a router at the customer premesis, the filters
> should be on the link to the ISP (the customer may well have more
> subnets internally). At the ISP end, doing the filtering you suggest
> would not work, since it'd permit only the IP addresses of the link
> between the customer and user.

The routing table of the router should be used to build up a list of 
prefixes that you should see through the interface.  In this way, you 
could apply it to BGP customers too without having to create filters by 
hand.

Regards,


Rich

• Follow-Ups:
  • RE: no ip forged-source-address Tony Hain

• References:
  • Re: no ip forged-source-address Daniel Senie

• Prev by Date: Re: no ip forged-source-address
• Next by Date: Re: no ip forged-source-address
• Date Index
• Thread Index
• Author Index
• Historical