North American Network Operators Group


Re: 69/8...this sucks -- Centralizing filtering..

  • From: Iljitsch van Beijnum
  • Date: Tue Mar 11 12:07:37 2003

On Tue, 11 Mar 2003, Jack Bates wrote:

> > Fortunately, in this particular case there is a solution on the horizon:
> > S-BGP or soBGP. These BGP extensions authenticate all prefix
> > announcements, so there is no longer any need to perform bogon filtering
> > on routing information. uRPF can then be used to filter packets based on
> > the contents of the routing table.

> A majority of the filters in place are not BGP filters.

Let's stay focussed on the problem at hand. Or are you saying that most
of the _bogon_ filters aren't BGP filters?

> They are firewall
> rulesets designed to filter out hijacked and spoofed IP addresses to limit
> DOS and illegitimate connections. S-BGP and soBGP will not solve the problem
> for these people.

If all routes in the routing table are good (which soBGP and S-BGP can
do for you) and routers filter based on the contents of the routing
table, hosts will not see any bogon packets except locally generated
ones so they shouldn't have bogon filters of their own. So this will
indeed solve the problem for these people.
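
An added illustration, not part of the original message or thread: a small simulation contrasting a static bogon list with uRPF checks driven by the routing table, as the reply describes. The routing table, interface names, sample packets and the stale list that still contains 69/8 are all constructed for this example, and the routes are assumed to be authenticated already.

```python
import ipaddress

# Constructed routing table (prefix -> outgoing interface). Assumed to hold
# only authenticated routes, as the message supposes S-BGP or soBGP would ensure.
ROUTES = {
    ipaddress.ip_network("69.12.0.0/16"): "eth0",
    ipaddress.ip_network("192.0.2.0/24"): "eth1",
    ipaddress.ip_network("198.51.100.0/24"): "eth0",
}

# Constructed static bogon list that was never updated and still names 69/8.
STALE_BOGONS = [ipaddress.ip_network(p) for p in ("69.0.0.0/8", "10.0.0.0/8")]


def best_route(src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in ROUTES.items() if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def urpf_accepts(src, in_iface, strict=False):
    """Loose mode: any route to the source. Strict mode: the route must also
    point back out of the interface the packet arrived on."""
    route = best_route(src)
    if route is None:
        return False
    return route[1] == in_iface if strict else True


def static_filter_accepts(src):
    """Firewall-style filter: drop anything inside a listed bogon prefix."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in STALE_BOGONS)


if __name__ == "__main__":
    packets = [("69.12.34.5", "eth0"), ("10.1.2.3", "eth0"),
               ("203.0.113.9", "eth0"), ("192.0.2.7", "eth0")]
    for src, ifc in packets:
        print(src, ifc,
              "static:", static_filter_accepts(src),
              "loose:", urpf_accepts(src, ifc),
              "strict:", urpf_accepts(src, ifc, strict=True))
```

The routed 69.12.34.5 source is dropped by the stale static list but accepted by both uRPF modes, while the unrouted 203.0.113.9 source passes the static list and is dropped by uRPF.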