[61227] in North American Network Operators' Group


Re: Lazy Engineers and Viable Excuses

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Tue Aug 26 11:07:11 2003

Date: Tue, 26 Aug 2003 11:03:12 -0400
From: Leo Bicknell <bicknell@ufp.org>
To: NANOG <nanog@merit.edu>
Mail-Followup-To: NANOG <nanog@merit.edu>
In-Reply-To: <20030826144300.GB22322@puck.nether.net>
Errors-To: owner-nanog-outgoing@merit.edu




In a message written on Tue, Aug 26, 2003 at 10:43:00AM -0400, Jared Mauch wrote:
> 	Yes I could, if you and your customers had all the routes
> they sourced packets from registered.  This has nothing to do
> with routing 101, this has to do with filtering customers and
> having anti-spoofing filters as well as route objects for any
> prefix you will source packets from.


         ___T1 to Verio, With BGP____Verio______
        /                                       \
Customer                                         UUnet
        \                                       /
         ---T1 to Sprint, No BGP-----Sprint-----

Now, the customer, over their two T1 transit circuits, does the
following:

as-path access-list 1 deny .*

neighbor verio filter-list 1 in

ip route 0.0.0.0 0.0.0.0 sprint

Should the customer have to register a route with Sprint to make
this work?  How does UUNet, who only received a route from Verio,
know incoming packets from Sprint aren't spoofed?  Note also, even
if these cases are in the IRR, UUNet's filter for Sprint will be
larger than the number of routes currently received, since there is
no route for this prefix that needs to be in the filter.

[Note, I don't suggest this configuration is common or useful on
its own, but rather it's a simple enough case it can be used for
discussion in e-mail.]

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
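
The scenario in the message above, modelled as an added example that is not part of the original post: it evaluates a packet from the customer's prefix arriving at UUnet from each peer under strict and feasible-path reverse-path checks (RFC 3704 terms) and under a per-peer source filter built from registered prefixes. The prefix 192.0.2.0/24, the table contents and all function names are constructed for illustration.

```python
import ipaddress

# Constructed data: 192.0.2.0/24 (documentation range) stands in for the customer's prefix.
CUSTOMER = ipaddress.ip_network("192.0.2.0/24")

# Routes UUnet has learned per peer. The customer announces to Verio only and
# points a static default at Sprint, so no route for the prefix arrives via Sprint.
RIB = {"verio": [CUSTOMER], "sprint": []}
BEST_PATH = {CUSTOMER: "verio"}

# Two constructed registry states: source prefixes registered behind each peer.
REG_VERIO_ONLY = {"verio": [CUSTOMER], "sprint": []}
REG_BOTH = {"verio": [CUSTOMER], "sprint": [CUSTOMER]}

def covers(prefixes, src):
    return any(src in p for p in prefixes)

def strict_rpf(src, peer):
    """Accept only if the best route back to src points at the arrival peer."""
    matches = [p for p in BEST_PATH if src in p]
    if not matches:
        return False
    return BEST_PATH[max(matches, key=lambda p: p.prefixlen)] == peer

def feasible_rpf(src, peer):
    """Accept if any route covering src was learned from the arrival peer."""
    return covers(RIB[peer], src)

def registry_filter(src, peer, registry):
    """Accept if src falls in a prefix registered behind the arrival peer."""
    return covers(registry[peer], src)

def evaluate(src_text, peer):
    src = ipaddress.ip_address(src_text)
    return {
        "strict_rpf": strict_rpf(src, peer),
        "feasible_rpf": feasible_rpf(src, peer),
        "registry_verio_only": registry_filter(src, peer, REG_VERIO_ONLY),
        "registry_both": registry_filter(src, peer, REG_BOTH),
    }

def filter_vs_routes(peer, registry):
    """(entries in the source filter for peer, routes received from peer)."""
    return len(registry[peer]), len(RIB[peer])

if __name__ == "__main__":
    for peer in ("verio", "sprint"):
        print(peer, evaluate("192.0.2.10", peer), filter_vs_routes(peer, REG_BOTH))
```

Only the registry state that lists the prefix behind Sprint admits the customer's legitimate traffic on the Sprint side, and in that state the Sprint filter holds one entry while zero routes are received from Sprint.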

