[53274] in North American Network Operators' Group
Re: Where is the edge of the Internet? Re: no ip forged-source-address
daemon@ATHENA.MIT.EDU (alok)
Thu Nov 7 14:23:06 2002
From: "alok" <alok.dube@apara.com>
To: <bdragon@gweep.net>
Cc: <nanog@merit.edu>
Date: Fri, 8 Nov 2002 01:01:33 +0530
Errors-To: owner-nanog-outgoing@merit.edu
there was a comment from chris saying... "never possible to know what networks
a bgp customer uplinks via you" which is very true... so i assume u mean
non-bgp customers? loose or strict, rpf will not work for asymmetrically
connected bgp neighbouring AS....
----- Original Message -----
From: <bdragon@gweep.net>
To: alok <alok.dube@apara.com>
Cc: <nanog@nanog.org>
Sent: Friday, November 08, 2002 12:41 AM
Subject: Re: Where is the edge of the Internet? Re: no ip forged-source-address
> > I'm opposed to some of the suggestions where to put source address
> > filters, especially placing them in "non-edge" locations. E.g. requiring
> > address filters at US border crossings is a *bad* idea, worthy of an
> > official visit from the bad idea fairy.
>
> What is bad about filtering facing non-customers, if loose rpf is
> used? I'm assuming this is what you mean by "border crossings" rather than
> the literal.
>
> --------->makes sense on the edge/aggregation but if you do it further up in
> the network.....there may be some cases where we have asymmetric routing,
> where the path of the uplink is never the same as the path of the downlink, and
> in fact the source network of the packet may never be present in the routing
> table....(it is possible, after all it's a packet switched network and the
> routing is destination IP based) ...
Right, which is why I specifically mentioned loose rpf, vs. strict rpf.
Even further up the customer chain, you'll still have a list of customer
networks (assuming folks are doing the right thing by filtering customer
bgp announcements) which could be used as an input to strict rpf.
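
Added example, not part of the thread: a small Python model of the checks discussed above (strict RPF, loose RPF, and a source check driven by the customer prefix list) applied to an asymmetrically routed multihomed customer. The routing table, interface names and prefixes are constructed, and treating the customer prefix list as a per-interface source filter is an assumption about how that suggestion would be applied.

```python
import ipaddress

# Constructed routing table: prefix -> interface the best path points to.
# 198.51.100.0/24 belongs to a multihomed BGP customer attached on "cust0",
# but the best path back to it currently goes via "peer1" (asymmetric routing).
FIB = {
    "198.51.100.0/24": "peer1",
    "203.0.113.0/24": "cust1",
    "192.0.2.0/24": "peer1",
}
# Constructed per-interface lists, as used to filter customer BGP announcements.
CUSTOMER_PREFIXES = {"cust0": ["198.51.100.0/24"], "cust1": ["203.0.113.0/24"]}


def lookup(src):
    """Longest-prefix match of src in FIB; returns the interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def strict_rpf(src, in_iface):
    """Accept only if the best route to src points out the arrival interface."""
    return lookup(src) == in_iface


def loose_rpf(src, in_iface):
    """Accept if any route to src exists, whatever interface it points to."""
    return lookup(src) is not None


def prefix_list_rpf(src, in_iface):
    """Accept if src is inside a prefix the customer on in_iface may announce."""
    addr = ipaddress.ip_address(src)
    allowed = CUSTOMER_PREFIXES.get(in_iface, [])
    return any(addr in ipaddress.ip_network(p) for p in allowed)


def evaluate(src, in_iface):
    checks = (strict_rpf, loose_rpf, prefix_list_rpf)
    return {f.__name__: f(src, in_iface) for f in checks}


if __name__ == "__main__":
    # Legitimate customer source, forged routed source, unrouted source.
    for src in ("198.51.100.7", "192.0.2.9", "10.9.9.9"):
        print(src, "on cust0 ->", evaluate(src, "cust0"))
```

The first case is the legitimate customer packet that strict RPF drops because of the asymmetric return path; the second is a forged but routed source that loose RPF lets through and the prefix-list check rejects.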