North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: aggregation & table entries

  • From: Stephen Stuart
  • Date: Wed Oct 13 17:28:32 2004

> > The second is a harder problem, because of the business decisions
> > of some providers to source packets from prefixes that they do
> > not announce.
> 
> i presume you are not intending to recommend that i drop packets
> that multi-homed customers hand me when they have also asked me to
> de-pref the prefix from which they come?  i might be their backup
> for inbound, but they need to balance their outbound.

No, I'm not recommending that.

In the example that you give, the prefix from which the packets in
question will be sourced *is* offered as a destination? Assuming yes,
then regardless of whether that offer is selected as the best to use
to reach the destination or not, the edge router that needs to make
the decision to accept or reject packets sourced in that prefix can
use its knowledge that the offer was made to accept packets.

The problem is differentiating these two cases:

1. the offer of a route to a prefix is not made but packets sourced in
   that prefix are legitimate and are expected to be forwarded; the
   reverse path is only available through a different AS

2. the source address is spoofed; packets are not legitimate and should
   be dropped

Once upon a time, I tried to enable loose-mode uRPF on a peering
interface, effectively treating #1 as #2. The complaints were
relatively instantaneous (at 2am local for me, a traffic-low time),
and not localized to a specific source prefix (the majority were
residential broadband users); I wound up turning the loose-mode uRPF
check off in fairly short order.

Attempts to discover why #1 was happening ended with technical people
shrugging their shoulders and saying that the money people made them
do it.

Stephen