[53282] in North American Network Operators' Group
Re: Where is the edge of the Internet? Re: no ip forged-source-address
daemon@ATHENA.MIT.EDU (alok)
Thu Nov 7 15:42:19 2002
From: "alok" <alok.dube@apara.com>
To: <Valdis.Kletnieks@vt.edu>
Cc: <nanog@merit.edu>
Date: Fri, 8 Nov 2002 02:20:35 +0530
if what u mean by loose is "exist only" then yes on a bgp running router
probably the WHOLE INTERNET IS EXIST ONLY...that surely gives u enuf ips to
spoof with....?? how do u block by source?????????
you could only know that "from that link between as-1 and as-2 there will
be some traffic from a network IP of AS-1" etc...which still is a huge
network..enuf to spoof lots of IPs.....
=====> for clarification.....i mean "any *registered* network of AS-1 can
uplink via this link" ...this link may not be the downlink for this network
into AS-1 but can still be an uplink.....
fine now? u can put "loose"...its NO USE!! thats what i said..there will
always be a route to the source....all u may drop is 10.x/192.168 and
172/16-31......that too if ur network isnt internally using it....
and if u end up putting "loose" an OSPF router ull drop valid traffic if ur
not redistributing bgp etc..and if u are redistributing...well again the
above argument holds true...every registered network will be there in BGP
.....
-rgds
Alok
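
The following Python model of the loose ("exist only") and strict reverse-path checks discussed in this message is an added example, not part of the original post. The FIB contents, interface names and documentation prefixes are constructed, and default routes are left out of the model.

```python
import ipaddress

# Constructed FIBs (documentation prefixes, hypothetical interface names).
# A BGP-speaking border router carries a route for every announced network.
BGP_FIB = {
    "192.0.2.0/24": "internal",      # our own network
    "198.51.100.0/24": "to-as1",     # AS-1 aggregate, reached over the AS-1 link
    "198.51.100.128/25": "to-as3",   # part of AS-1 whose best return path is via AS-3
    "203.0.113.0/24": "to-as3",      # AS-3
}
# An interior router running only OSPF, with BGP not redistributed.
OSPF_FIB = {"192.0.2.0/24": "internal"}

def lookup(fib, addr):
    """Longest-prefix match: return (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf(fib, src, in_iface, mode):
    """True if a packet with source `src` arriving on `in_iface` passes.
    loose:  any route to the source is enough ("exist only").
    strict: the best route to the source must point back out `in_iface`."""
    route = lookup(fib, src)
    if route is None:
        return False
    return True if mode == "loose" else route[1] == in_iface

def demo():
    """Run the cases raised in the thread; rows are (label, loose, strict)."""
    cases = [
        ("AS-3 source seen on AS-1 link", BGP_FIB, "203.0.113.9", "to-as1"),
        ("AS-1 source, asymmetric return", BGP_FIB, "198.51.100.200", "to-as1"),
        ("RFC 1918 source", BGP_FIB, "10.1.2.3", "to-as1"),
        ("valid source on OSPF-only router", OSPF_FIB, "198.51.100.7", "uplink"),
    ]
    return [(label, urpf(fib, src, ifc, "loose"), urpf(fib, src, ifc, "strict"))
            for label, fib, src, ifc in cases]

if __name__ == "__main__":
    for row in demo():
        print(row)
```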