North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: 10,352 active botnets (was Re: register.com down sev0?
Matthew Crocker wrote:
Only if you wish to break existing configurations during IOS upgrades. I could see ip verify unicast source reachable-by any (less breakage), but rx will kill all types of good asymmetric routing. The largest breakage I have seen caused by rx is the link IP breakage caused by the router responding out multiple interfaces. It's also a problem when customers are straddling the fence, purposefully using asymmetric routing.Shouldnt 'ip verify unicast source reachable-by rx' be a default setting on all interfaces? Only to be removed by trained chimps?Maybe the new slogan needs to be "Save the Internet! Train the chimps!"
It would be nicer to have router support where a packet is acceptable if it's network is acceptable in the BGP (or IGP) policy/filter (ie, network may not be there, but it is allowed) as well as the link addresses associated with the BGP (or IGP) peer.