North American Network Operators Group

Re: Lazy Engineers and Viable Excuses
On Tue, 26 Aug 2003, Leo Bicknell wrote:

> In a message written on Tue, Aug 26, 2003 at 10:43:00AM -0400, Jared Mauch wrote:
> >   Yes I could, if you and your customers had all the routes
> > they sourced packets from registered.  This has nothing to do
> > with routing 101, this has to do with filtering customers and
> > having anti-spoofing filters as well as route objects for any
> > prefix you will source packets from.
> >
>
>            ___T1 to Verio, With BGP____Verio______
>           /                                       \
>   Customer                                         UUnet
>           \                                       /
>            ---T1 to Sprint, No BGP-----Sprint-----
>
> Now, the customer, over their two T1 transit circuits does the
> following:
>
> as-path access-list 1 deny .*
>
> neighbor verio filter-list 1 in
>
> ip route 0.0.0.0 0.0.0.0 sprint
>
> Should the customer have to register a route with Sprint to make
> this work?  How does UUNet, who only received a route from Verio,
> know incoming packets from Sprint aren't spoofed?  Note also, even
> if these cases are in the IRR, UUNet's filter for Sprint will be
> larger than the number of routes currently received, since there is
> no route for this prefix that needs to be in the filter.
>
> [Note, I don't suggest this configuration is common or useful on
> its own, but rather it's a simple enough case it can be used for
> discussion in e-mail.]

Hmm, this isn't a real world scenario though.. if you multihome there should be BGP on
both paths..

In the example above Sprint aren't accepting or sourcing a route so there is no
issue on routes being passed into Sprint or UUNET and we're talking here about
spoofing of routes not packets

Steve
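The scenario in the quoted message, modelled as an added example (not part of the original thread): it compares how an ingress check at UUnet would treat a packet from the customer arriving via Sprint under strict uRPF, loose uRPF, and a per-peer filter built from registered route objects. The prefix 192.0.2.0/24, the dictionary layout, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: 192.0.2.0/24 stands in for the customer's prefix.
CUSTOMER_PREFIX = ipaddress.ip_network("192.0.2.0/24")

# Routes UUnet has learned over BGP, per peer. The customer announces only
# to Verio, so no route for the prefix is ever learned from Sprint.
BGP_ROUTES = {"verio": [CUSTOMER_PREFIX], "sprint": []}

# Hypothetical IRR views: prefixes with a route object registered per peer.
IRR_UNREGISTERED = {"verio": [CUSTOMER_PREFIX], "sprint": []}
IRR_REGISTERED = {"verio": [CUSTOMER_PREFIX], "sprint": [CUSTOMER_PREFIX]}


def covered(src, prefixes):
    """True if the source address falls inside any of the given prefixes."""
    addr = ipaddress.ip_address(src)
    return any(addr in prefix for prefix in prefixes)


def strict_rpf(src, peer, routes=BGP_ROUTES):
    """Accept only if a covering route was learned from the arrival peer."""
    return covered(src, routes.get(peer, []))


def loose_rpf(src, routes=BGP_ROUTES):
    """Accept if any peer at all announced a covering route."""
    return any(covered(src, prefixes) for prefixes in routes.values())


def irr_filter(src, peer, irr):
    """Accept if the arrival peer has a registered route object covering src."""
    return covered(src, irr.get(peer, []))


def evaluate(src, peer, irr):
    """Run all three checks for one packet and return the verdicts."""
    return {
        "strict_rpf": strict_rpf(src, peer),
        "loose_rpf": loose_rpf(src),
        "irr_filter": irr_filter(src, peer, irr),
    }


if __name__ == "__main__":
    for label, irr in (("unregistered", IRR_UNREGISTERED), ("registered", IRR_REGISTERED)):
        print(label, evaluate("192.0.2.10", "sprint", irr))
```

Strict uRPF drops the customer's legitimate traffic arriving via Sprint, loose uRPF accepts it but cannot tell which peer it should have come from, and the registry-based filter accepts it only once the route object exists, at which point the filter for Sprint holds a prefix that Sprint never announced.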