North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: asymmetric/peer RPF [RE: TCP/BGP vulnerability - easier than you think]
From: Pekka Savola [mailto:[email protected]] > When discussing RPF towards peers or w/ asymmetric > paths, I'd recommend to read RFC 3704 I have, this is a very good document. > If your prefix filter stops a neighbor from > advertising a prefix, maybe you would have to > revise your prefix filtering policy (e.g., > revise it more often, get notice if the peer > sends you something you're filtering, tell to > peers not to advertise anythnig that's not > properly in the routing DB's, etc.)? This > doesn't seem so bad to me... I agree, but there are many people that think it is very bad. Trouble is, using RPF has a great potential for problems as it will drop traffic (which is the reason it's not being used in the first place). The point I was trying to make is as follows: if you don't use RPF (which is probably the case) then there is no harm in prefix-filtering peers (if you are not a tier-1) even if the prefix-filters are not perfect. Needless to say, there is no point prefix-filtering if your filters are completely messed up. Michel. |