[47537] in North American Network Operators' Group
Re: uRPF Loose Check Mode vs. ACL
daemon@ATHENA.MIT.EDU (Richard A Steenbergen)
Mon May 6 01:44:06 2002
Date: Mon, 6 May 2002 01:43:39 -0400
From: Richard A Steenbergen <ras@e-gerbil.net>
To: Valdis.Kletnieks@vt.edu
Cc: nanog@merit.edu
Message-ID: <20020506054339.GP523@overlord.e-gerbil.net>
In-Reply-To: <200205060450.g464orQn009989@foo-bar-baz.cc.vt.edu>
On Mon, May 06, 2002 at 12:50:53AM -0400, Valdis.Kletnieks@vt.edu wrote:
> On Sun, 05 May 2002 22:11:12 EDT, Richard A Steenbergen said:
> > What we all really need is a protocol which can distribute filtering
> > information network-wide. Go make one. :)
>
> No, what we need is a protocol that can do *secured* distribution of
> filtering info net-wide. Otherwise, some bozo is going to accidentally
> inject a filter for 127/8, causing as much fun as the announcement of same
> a few years ago. And I'm *sure* there's at least a few people on this
> list that would be *very* tempted to inject filters for RFC1918 space
> for the benefit of those providers that don't egress filter it currently ;)

Nononono, by network-wide I meant *MY* network not the Internet. :) Though
I really wouldn't mind seeing a well known community for "nexthop null0".
How can people sit around pontificating on useless features for useless
protocols all day long, and yet not do this?

BTW, I don't know what announcing 127/8 would break since that should
never leave or enter any systems, and I still take issue with the need to
filter 1918 packets.
--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)