North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BCP38 making it work, solving problems

  • From: Christopher L. Morrow
  • Date: Tue Oct 12 10:21:31 2004

On Tue, 12 Oct 2004, Niels Bakker wrote:

> * [email protected] (Christopher L. Morrow) [Tue 12 Oct 2004, 05:18 CEST]:
> > a common occurance we've seen is a customer of a customer NOT
> > announcing , nor planning on announcing, their routes to their
> > upstream#1 which they use ONLY for outbound traffic (cheap transit for
> > instance, and perhaps only for some portions of their total sources)
> > though they announce to upstreams#2-N the proper sources to gather the
> > return traffic. These things make uRPF 'difficult'.
> You could use uRPF-loose there, or the customer could do:
> !
> route-map outbound-only permit 10
>  match prefix-list myprefixes
>  set community no-export
> !

this does not address the problem, the customer's customer isn't
announcing routes for this traffic so there is nothing to no-export :(

the '' network is a customer of MCI, his customer "".
'' decides '' has priced transit cheaply this
year/month/day and choses not to accept traffic from '' but send
all outbound traffic through ''. '' never seens routes
for the sources sending this traffic, yet passes it along to the upstream,
which also has no routes for '' via ''.

Regardless, the point here is: "Things seem like they may be getting
better, as 'security' requirements are now firmly being included into new
equipment purchases."