[127236] in North American Network Operators' Group


Re: Todd Underwood was a little late

daemon@ATHENA.MIT.EDU (William Herrin)
Thu Jun 17 17:10:48 2010

In-Reply-To: <4C19A6D2.6030603@gmail.com>
From: William Herrin <bill@herrin.us>
Date: Thu, 17 Jun 2010 17:10:15 -0400
To: Roy <r.engehausen@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Thu, Jun 17, 2010 at 12:38 AM, Roy <r.engehausen@gmail.com> wrote:
> On 6/16/2010 7:43 PM, Jon Lewis wrote:
>> With a larger
>> network, multiple IP blocks, ***numerous multihomed customers***, some of which
>> use IP's we've assigned them, it gets a little more complicated to do.
>> I could reject at our border, packets sourced from our IP ranges with
>> exceptions for any of the IP blocks we've assigned to multihomed customers.
>
> Sounds like a good use of URPF.

Reverse path filtering + asymmetric routing = epic fail. Jon did say
Multihomed customer.

Refer to RFC 3704 (BCP84). Note section 2.2 (Strict Reverse Path
Forwarding) last part of the final sentence: "in particular, when
applied to multihoming to different ISPs, this assumption may fail."

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
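
Added illustration, not part of the original message: a small model of the RFC 3704 strict, feasible-path and loose RPF checks, showing why strict mode drops legitimate traffic from a multihomed customer whose best return route points at another ISP. The routing table, interface names, preference values and prefixes are constructed for the example.

```python
import ipaddress

# Constructed RIB of one border router: prefix -> [(interface, preference)].
# Lower preference wins. The multihomed customer's block is best reached via
# a peer (the customer's other ISP); the direct customer link is a backup path.
RIB = {
    "192.0.2.0/24": [("peer0", 10), ("cust0", 20)],   # multihomed customer
    "198.51.100.0/24": [("cust1", 10)],               # single-homed customer
}

def lookup(src):
    """Longest-prefix match on the source address.
    Returns the candidate routes sorted best-first, or [] if no route exists."""
    addr = ipaddress.ip_address(src)
    nets = [ipaddress.ip_network(p) for p in RIB]
    matches = [n for n in nets if addr in n]
    if not matches:
        return []
    best = max(matches, key=lambda n: n.prefixlen)
    return sorted(RIB[str(best)], key=lambda route: route[1])

def rpf_check(src, in_if, mode):
    """Return True if a packet with source `src` arriving on `in_if` passes."""
    routes = lookup(src)
    if not routes:
        return False                      # no route back to the source at all
    if mode == "strict":
        # Only the single best path counts: this is what breaks on asymmetry.
        return routes[0][0] == in_if
    if mode == "feasible":
        # Any known path via the arrival interface is acceptable.
        return any(ifc == in_if for ifc, _ in routes)
    if mode == "loose":
        # Any route to the source is enough, whatever the interface.
        return True
    raise ValueError("unknown RPF mode: " + mode)

def compare(src, in_if):
    """Verdict of all three modes for one packet."""
    return {m: rpf_check(src, in_if, m) for m in ("strict", "feasible", "loose")}

if __name__ == "__main__":
    cases = [("192.0.2.10", "cust0"),     # legitimate, asymmetric return path
             ("198.51.100.7", "cust1"),   # legitimate, symmetric
             ("198.51.100.7", "cust0"),   # spoofed from the wrong customer port
             ("203.0.113.9", "cust0")]    # spoofed, unrouted source
    for src, ifc in cases:
        print(src, ifc, compare(src, ifc))
```

Feasible-path mode only helps if the router actually holds a route for the prefix via the customer interface; if the customer announces the block solely through the other ISP, it drops the traffic just as strict mode does.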

