[52671] in North American Network Operators' Group


Re: Who does source address validation? (was Re: what's that smell?)

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Oct 8 11:59:14 2002

To: danny@tcb.net
Cc: nanog@merit.edu
In-Reply-To: Your message of "Tue, 08 Oct 2002 09:34:19 MDT."
             <200210081534.g98FYJX32278@tcb.net> 
From: Valdis.Kletnieks@vt.edu
Date: Tue, 08 Oct 2002 11:58:23 -0400
Errors-To: owner-nanog-outgoing@merit.edu



On Tue, 08 Oct 2002 09:34:19 MDT, Danny McPherson <danny@tcb.net>  said:

> > "ip verify unicast source reachable-via any"

> Of course, this is the IP RIB and may not include all the 
> potential paths in the BGP Adj-RIBs-In, right?  As such, 
> you've still got the potential for asymmetric routing to 
> break things.

"reachable-via any" means you're only going to drop the packet if you
don't have *ANY* route back to them.  I think that if you're in a situation
where you have asymmetric routing, and have a packet coming in on one path
that you theoretically COULD send to the destination, and the destination
has an alternate-path route back to the source, *but you don't have ANY route*,
then you're already in a "broken" state anyhow.
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
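
Added example, not part of the original message: a small Python model of the check discussed above, comparing loose mode ("reachable-via any") with strict mode ("reachable-via rx", included here only for contrast) on an asymmetric path and on a source with no route at all. The routing table, the interface names and the function names are constructed for illustration, and the table has no default route.

```python
import ipaddress

# Constructed routing table: prefix -> interface of the best path back.
# Documentation prefixes and hypothetical interface names; no default route.
RIB = {
    "192.0.2.0/24": "Serial0",
    "198.51.100.0/24": "Serial1",
}

def lookup(rib, src):
    """Longest-prefix match on the source; best-path interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in rib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_permits(rib, src, in_iface, mode):
    """mode 'any' (loose): permit if any route to src exists.
    mode 'rx' (strict): the best route to src must point out in_iface."""
    iface = lookup(rib, src)
    if iface is None:
        return False          # no route back at all: dropped in both modes
    if mode == "any":
        return True           # loose mode ignores the arrival interface
    return iface == in_iface  # strict mode breaks on asymmetric paths

def classify(rib, src, in_iface):
    """Verdict of both modes for one packet."""
    return {m: urpf_permits(rib, src, in_iface, m) for m in ("rx", "any")}

if __name__ == "__main__":
    samples = [
        ("192.0.2.10", "Serial0"),   # symmetric: arrives on the best path
        ("192.0.2.10", "Serial1"),   # asymmetric: arrives on the other link
        ("203.0.113.5", "Serial0"),  # no route back to the source at all
    ]
    for src, iface in samples:
        print(src, iface, classify(RIB, src, iface))
```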
