North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Where is the edge of the Internet? Re: no ip forged-source-address
> > I'm opposed to some of the suggestions where to put source address > > filters, especially placing them in "non-edge" locations. E.g. requiring > > address filters at US border crossings is a *bad* idea, worthy of an > > official visit from the bad idea fairy. > > What is bad about filtering facing non-customers, if loose rpf is > used? I'm assuming this is what you mean by "border crossings" rather than > the literal. > > --------->makes sense on the edge/aggregation but if you do it further up in > the network.....there maybe some cases where we have assymetric routing, > where the path of uplink is never the path the same as the downlink, and > infact the source network of the packet may never be present in the routing > table....(it is possible, after all its a packet switched network and the > routing is destination IP based) ... Right, which is why I specifically mentioned loose rpf, vs. strict rpf. Even further up the customer chain, you'll still have a list of customer networks (assuming folks are doing the right thing by filtering customer bgp announcements) which could be used as an input to strict rpf.
|