[53277] in North American Network Operators' Group
Re: Where is the edge of the Internet? Re: no ip forged-source-address
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Nov 7 14:54:22 2002
To: alok <alok.dube@apara.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Fri, 08 Nov 2002 01:01:33 +0530."
<015401c28694$4a7ec920$81c802c0@alok>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 07 Nov 2002 14:53:43 -0500
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1720179204P
Content-Type: text/plain; charset=us-ascii
On Fri, 08 Nov 2002 01:01:33 +0530, alok said:
> there was a comment from chris saying..."never possible to knw what networks
> an bgp customer uplinks via you" which is very true.. ..so i assume u mean
> non-bgp customers? loose or strict, rpf will not work for aasymterically
> connected bgp neighbouring AS....
If loose rpf doesn't work, you're about to start dropping packets *anyhow*.
Unless, of course, you *INTENDED* to have a topology where you're accepting
traffic from another AS and forwarding it, and you don't have a return path
yourself, but the destination *does* have an assymetric path.
Oh.. and you have to consider it acceptable that if any OTHER customer, connected
to that part of your AS that doesn't have a route, tries to contact the
source, that they can't get there.
Sounds like you're trying to either shoot yourself in the foot, or design a
new too-clever-by-half way of building a VPN.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_1720179204P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE9ysTHcC3lWbTT17ARApZ/AKCICRimwPg08isd/xcuMYyXM8BYmgCgy/fU
ICuf9Kqk6Chnz2kPIk1UeMs=
=lpuT
-----END PGP SIGNATURE-----
--==_Exmh_1720179204P--
