[169510] in North American Network Operators' Group


Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Feb 28 11:51:02 2014

In-Reply-To: <CALFTrnPOLqJqLCaWQERpCVZV2jDAFfHMwhBbUUTNiFNA2hnWQw@mail.gmail.com>
Date: Fri, 28 Feb 2014 11:49:36 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Ray Soucy <rps@maine.edu>
Cc: NANOG <nanog@nanog.org>, Keegan Holley <no.spam@comcast.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, Feb 28, 2014 at 9:02 AM, Ray Soucy <rps@maine.edu> wrote:
> If you have uRPF enabled on all your access routers then you can
> configure routing policy such that advertising a route for a specific
> host system will trigger uRPF to drop the traffic at the first hop, in
> hardware.

note that 'in hardware' is dependent upon the model used...
note that stuffing 2k (or 5 or 10 or...) extra routes into your edge
device could make it super unhappy.

your points are valid for your designed network... they may not work everywhere.
making the features you point out work better or be more widely known
seems like a great idea though :)

