North American Network Operators Group


Re: icmp rpf

  • From: Bill Stewart
  • Date: Wed Sep 27 19:08:31 2006

Possible approach for small.net - ok, you know that big.net will drop
any packets sourced from x.x.x.x if there's no route there (loose uRPF
for downstream ISPs like small.net, strict uRPF for end-users.)  So
give them a route.  Either give them a route on one of your direct
interfaces to them, and then get rid of the packets by ACL or by
null-routing it, or if that causes too much trouble, get yourself a
56kbps line from a spare router and advertise it from there.
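
The loose versus strict uRPF check the message relies on, as an added example that is not part of the original post: a toy model of big.net's forwarding table showing what changes once small.net supplies a route. The prefixes (documentation ranges), interface names and the `Fib`, `urpf_accepts` and `scenario` helpers are constructed for illustration; the model assumes no default route and that the spare 56kbps line terminates on big.net.

```python
import ipaddress

class Fib:
    """Toy forwarding table for big.net: prefix -> interface the route points out of."""

    def __init__(self, routes=()):
        self.routes = [(ipaddress.ip_network(p), i) for p, i in routes]

    def add(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))

    def lookup(self, addr):
        """Longest-prefix match; returns (network, interface) or None if no route."""
        ip = ipaddress.ip_address(addr)
        matches = [r for r in self.routes if ip in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen, default=None)


def urpf_accepts(fib, src, in_iface, mode):
    """True if a packet with source `src` arriving on `in_iface` passes uRPF."""
    best = fib.lookup(src)
    if best is None:
        return False                 # no route back to the source: both modes drop
    if mode == "loose":
        return True                  # any route to the source is enough
    if mode == "strict":
        return best[1] == in_iface   # route must point back out the arrival interface
    raise ValueError(f"unknown uRPF mode: {mode}")


# Constructed sample data (documentation prefixes, hypothetical interface names).
BASE_ROUTES = [("198.51.100.0/24", "to-small"), ("203.0.113.0/24", "to-enduser")]
ROUTER_SRC = "192.0.2.1"   # stands in for the unrouted x.x.x.x in the message


def scenario(advertised_via=None):
    """Check a packet from ROUTER_SRC arriving on to-small, in both modes."""
    fib = Fib(BASE_ROUTES)
    if advertised_via:
        fib.add("192.0.2.0/24", advertised_via)
    return {m: urpf_accepts(fib, ROUTER_SRC, "to-small", m) for m in ("loose", "strict")}


if __name__ == "__main__":
    print("no route:          ", scenario())
    print("route on direct if:", scenario("to-small"))
    print("route via spare:   ", scenario("spare-56k"))
```

With the route learned over the spare line, the loose check on the small.net interface passes while a strict check on that interface would still drop the packet.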