nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Effective ways to deal with DDoS attacks?

From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Thu, 2 May 2002 19:46:21 +0200 (CEST)

On Thu, 2 May 2002, Richard A Steenbergen wrote:


RPF works by matching the source address of the packet against the CEF
table, in addition to the normal match against the destination address.
There are multiple modes of operation, ranging from "is there a route
for the source address to the specific interface it come in on" to "is
there a route to the source address for ANY interface on the box" The
former is used to stop your single homed customers from spoofing wildly
into the internet.


You can do this for multihomed customers to: it's just that multihomed
customers can't use it for traffic coming from their transits (= you),
because uRPF breaks asymmetric routing.
Previous By Date Next
Previous By Thread Next

Current thread: