nanog mailing list archives
Re: no ip forged-source-address
From: Jared Mauch <jared () puck Nether net>
Date: Wed, 30 Oct 2002 14:08:26 -0500
On Wed, Oct 30, 2002 at 08:02:13PM +0100, Lars Erik Gullerud wrote:
> On Wed, 2002-10-30 at 16:44, variable () ednet co uk wrote:
>
> > Therefore, would it be a reasonable suggestion to ask router vendors to source address filtering in as an option[1] on the interface and then move it to being the default setting[2] after a period of time? This appeared to have some success with reducing the number of networks that forwarded broadcast packets (as with "no ip directed-broadcast").
>
> [snip]
>
> > [1] For example, an IOS config might be:
> >
> >     interface fastethernet 1/0
> >      no ip forged-source-address
>
> Well, this already exists, doesn't it? Try the following on your customer-facing interface:
>
>     ip verify unicast source reachable-via rx
>
> > [2] Network admins would still have the option of turning it off, but this would have to be explicitly configured.
>
> I have a feeling that having strict uRPF as the default setting on an interface would be very badly received by a lot of ISPs. I know I certainly wouldn't like it very much. Is it really the job of router vendors to protect the net from lazy/incompetent/ignorant network admins?

No, but I can't enable these features on all my router interfaces without causing delays/drops due to poor initial design quality and lack of long-term vision for linecards manufactured.

The rush for time-to-market can cause you to lose in the long-term due to lack of features.

- jared

--
Jared Mauch | pgp key available via finger from jared () puck nether net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
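
An added illustration, not part of the original message or thread: a small Python model of the check that `ip verify unicast source reachable-via rx` performs (strict uRPF), next to loose mode (`reachable-via any`), run over a constructed FIB. The prefixes are documentation ranges and the interface names are hypothetical; the multihomed case shows legitimate traffic that a strict-by-default setting would drop.

```python
import ipaddress

# Constructed FIB for one edge router: prefix -> interface used to reach it.
# Documentation prefixes; interface names are hypothetical.
FIB = {
    "192.0.2.0/24": "cust1",       # single-homed customer
    "192.0.2.128/25": "cust3",     # more-specific routed to another customer
    "198.51.100.0/24": "uplink0",  # multihomed customer on cust2; best path is via its other provider
}

def lookup(src):
    """Longest-prefix match; returns the interface toward src, or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifname) for p, ifname in FIB.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_permit(src, in_if, mode="rx"):
    """'rx' (strict): the route to src must point out the receiving interface.
    'any' (loose): any route to src is enough."""
    out_if = lookup(src)
    if out_if is None:
        return False
    return mode == "any" or out_if == in_if

# Constructed packets: (source address, receiving interface, description)
PACKETS = [
    ("192.0.2.10", "cust1", "customer using its own prefix"),
    ("198.51.100.9", "cust1", "forged source from another routed prefix"),
    ("203.0.113.7", "cust1", "forged source with no route"),
    ("198.51.100.9", "cust2", "multihomed customer, asymmetric return path"),
    ("192.0.2.200", "cust1", "source in a more-specific routed to cust3"),
]

def evaluate():
    """Return (src, in_if, strict_permit, loose_permit) for each sample packet."""
    return [(src, in_if, urpf_permit(src, in_if, "rx"), urpf_permit(src, in_if, "any"))
            for src, in_if, _ in PACKETS]

if __name__ == "__main__":
    for (src, in_if, strict, loose), (_, _, why) in zip(evaluate(), PACKETS):
        print(f"{src:>14} on {in_if:<6} strict={'permit' if strict else 'drop':<6} "
              f"loose={'permit' if loose else 'drop':<6} {why}")
```
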