[52673] in North American Network Operators' Group


Re: Who does source address validation? (was Re: what's that smell?)

daemon@ATHENA.MIT.EDU (Jeff Aitken)
Tue Oct 8 12:10:22 2002

Date: Tue, 8 Oct 2002 12:09:56 -0400
From: Jeff Aitken <jaitken@aitken.com>
To: Jared Mauch <jared@puck.Nether.net>
Cc: Danny McPherson <danny@tcb.net>, nanog@merit.edu
In-Reply-To: <20021008154941.GF24195@puck.nether.net>
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, Oct 08, 2002 at 11:49:41AM -0400, Jared Mauch wrote:
> > Of course, this is the IP RIB and may not include all the 
> > potential paths in the BGP Adj-RIBs-In, right?  As such, 
> > you've still got the potential for asymmetric routing to 
> > break things.
> 
> 	No, this is "if i have a path in fib" back to this source,
> transmit else drop;

Unless I'm missing something, that's what he said; fib == loc-rib
for the purposes of this discussion, and loc-rib is built from the
various adj-ribs-in.

That said, I'm curious to know how asymmetric routing can break
this.  As long as someone is sending (and you are installing) a
prefix that includes the source address, this check will pass.
If you don't have a route back to the source at all, that isn't
asymmetric routing, it's network partitioning, assuming the source
is legitimate.


--Jeff
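
The check discussed in this message ("if I have a path in fib back to this source, transmit else drop"), as an added Python sketch that is not part of the original post. The FIB entries, interface names and packets are constructed, and `strict_check` is an assumed contrast case (the return path must use the arrival interface) that goes beyond the thread to show where asymmetric routing does matter.

```python
import ipaddress

# Constructed FIB: prefix -> egress interface (documentation prefixes, not from the thread).
FIB = {
    ipaddress.ip_network("192.0.2.0/24"): "if-a",
    ipaddress.ip_network("198.51.100.0/24"): "if-b",
    ipaddress.ip_network("198.51.100.128/25"): "if-c",
}

def fib_lookup(fib, addr):
    """Longest-prefix match: egress interface, or None if no prefix covers addr."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in fib if ip in net]
    if not matches:
        return None
    return fib[max(matches, key=lambda net: net.prefixlen)]

def loose_check(fib, src, in_iface):
    """Check from the message: any installed path back to the source -> transmit."""
    return fib_lookup(fib, src) is not None  # arrival interface is ignored

def strict_check(fib, src, in_iface):
    """Assumed contrast: best return path must leave via the arrival interface."""
    return fib_lookup(fib, src) == in_iface

def classify(fib, packets):
    """Return (src, in_iface, loose_ok, strict_ok) for each packet."""
    return [(s, i, loose_check(fib, s, i), strict_check(fib, s, i))
            for s, i in packets]

# Constructed packets: (source address, arrival interface).
PACKETS = [
    ("192.0.2.10", "if-a"),      # symmetric: arrives where the return path leaves
    ("198.51.100.200", "if-b"),  # asymmetric: best return path is if-c (/25)
    ("203.0.113.5", "if-a"),     # no covering prefix installed at all
]

if __name__ == "__main__":
    for src, iface, loose, strict in classify(FIB, PACKETS):
        print(f"{src:16} in={iface}  loose={'pass' if loose else 'drop'}"
              f"  strict={'pass' if strict else 'drop'}")
```
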

