[56526] in North American Network Operators' Group
Re: 69/8...this sucks -- Centralizing filtering..
daemon@ATHENA.MIT.EDU (Jack Bates)
Mon Mar 10 14:00:19 2003
From: "Jack Bates" <jbates@brightok.net>
To: <nanog@merit.edu>
Date: Mon, 10 Mar 2003 13:02:10 -0600
Errors-To: owner-nanog-outgoing@merit.edu
From: "Mark Segal"
> Since most service providers should be thinking about a sink hole network
> for security auditing (and backscatter), why not have ONE place where you
> advertise all unreachable, or better yet -- a default (i.e. everything NOT
> learned through BGP peers), and just forward the packets to a bit bucket..
> Which is better than an access list since, now we are forwarding packets
> instead of sending them to a CPU to increase router load.
>
It would be nice if vendors had a variant to (in Cisco terms) ip verify
unicast reverse-path that would work in asymmetrical networks. If you only
have a single link to the internet, the command works well, but then why
would you ever run BGP for a single uplink?
-Jack
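
Added example, not part of the original message: a toy Python model of the strict reverse-path check discussed above, showing it working on a single uplink and dropping legitimate traffic on a multihomed router whose paths are asymmetric. The interface names, prefixes (documentation ranges) and table contents are constructed for illustration.

```python
import ipaddress


class Fib:
    """Toy forwarding table holding only the best path per prefix."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

    def lookup(self, addr):
        """Longest-prefix match; returns the egress interface or None."""
        ip = ipaddress.ip_address(addr)
        matches = [(net.prefixlen, ifc) for net, ifc in self.routes if ip in net]
        return max(matches)[1] if matches else None


def strict_urpf_accepts(fib, src, in_ifc):
    """Strict check: accept only if the best route back to the source
    points out of the interface the packet arrived on."""
    return fib.lookup(src) == in_ifc


# Constructed tables. 192.0.2.0/24 is the local customer block.
SINGLE_HOMED = Fib([("0.0.0.0/0", "uplink0"), ("192.0.2.0/24", "cust0")])
MULTI_HOMED = Fib([
    ("198.51.100.0/24", "uplinkA"),   # BGP best path for this remote prefix
    ("0.0.0.0/0", "uplinkB"),
    ("192.0.2.0/24", "cust0"),
])


def demo():
    return {
        # Single uplink: every outside source resolves to the only uplink.
        "single_legit": strict_urpf_accepts(SINGLE_HOMED, "198.51.100.7", "uplink0"),
        # Outside packet claiming a customer source address is dropped.
        "single_spoofed": strict_urpf_accepts(SINGLE_HOMED, "192.0.2.9", "uplink0"),
        # Multihomed: our best path to the sender is uplinkA ...
        "multi_symmetric": strict_urpf_accepts(MULTI_HOMED, "198.51.100.7", "uplinkA"),
        # ... but the sender's path to us came in via uplinkB, so a
        # legitimate packet fails the strict check.
        "multi_asymmetric": strict_urpf_accepts(MULTI_HOMED, "198.51.100.7", "uplinkB"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:17s} {'accept' if accepted else 'drop'}")
```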