North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: no ip forged-source-address
On Wed, 30 Oct 2002, Daniel Senie wrote: > BCP 38 is quite explicit in the need for all networks to do their part. The > document is quite effective provided there's cooperation. Doesn't seem to be working. > Which interface would you filter on? Customer ingress ports on the ISP side, which I suspect are the majority of ports in ISP networks. Hopefully engineers on the backbone will be clueful enough to turn it off. > If we're talking about a router at the customer premesis, the filters > should be on the link to the ISP (the customer may well have more > subnets internally). At the ISP end, doing the filtering you suggest > would not work, since it'd permit only the IP addresses of the link > between the customer and user. The routing table of the router should be used to build up a list of prefixes that you should see through the interface. In this way, you could apply it to BGP customers too without having to create filters by hand. Regards, Rich
|