nanog mailing list archives
Re: 69/8...this sucks -- Centralizing filtering..
From: Russell Heilling <russell () ccie org uk>
Date: Mon, 10 Mar 2003 21:38:48 +0000
On Mon, Mar 10, 2003 at 01:39:26PM -0600, Jack Bates wrote:
> Oh, I agree that there are times when BGP is used in a single uplink scenario, but it is not common. However, someone pointed me to ip verify unicast source reachable-via any which seems to be available on some of the Cisco Service provider releases. It's an interesting concept and I'm itching to play with it. If you aren't in my routing table, then why accept the IP address?
I've been using this method to do "loose source verification" for a while now, and it's certainly better than nothing, but it doesn't really do as much as it should when you only receive a partial table from a peer.

I've been toying with the idea of supporting strict reverse path verification on peering links by using vrfs. It works really well in the Lab, but migrating the whole network into an MPLS VPN just to get some extra source filtering ability seems a little extreme to me for some reason... ;) It'd work really well if Cisco allowed the global table as a vrf import/export target though.

-- 
Russell Heilling
http://www.ccie.org.uk
PGP: finger russellh () bela homeunix net
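The difference between the checks discussed in this message, as an added example that is not part of the original post: a small Python model of loose source verification, strict reverse path verification against the global table, and a per-peer table check. The prefixes, the interface names and the `PEER_TABLES` structure are constructed assumptions; the per-peer table is only a simplified stand-in for the VRF idea, not router behaviour.

```python
import ipaddress

# Constructed sample data (documentation prefixes), not from the thread.
# Global FIB: prefix -> interface of the best path.
GLOBAL_FIB = {
    "198.51.100.0/24": "peer1",       # announced by the peer (partial table)
    "198.51.100.128/25": "transit1",  # more specific, best path via transit
    "203.0.113.0/24": "transit1",     # never announced by the peer
}
# Hypothetical per-peer table: only the prefixes that peer announced to us.
PEER_TABLES = {"peer1": ["198.51.100.0/24"]}

def lookup(fib, src):
    """Longest-prefix match; returns the best-path interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def loose_urpf(src):
    """Loose ('reachable-via any'): accept if any route to the source exists."""
    return lookup(GLOBAL_FIB, src) is not None

def strict_urpf(src, in_if):
    """Strict on the global table: best route must point back out in_if."""
    return lookup(GLOBAL_FIB, src) == in_if

def per_peer_urpf(src, in_if):
    """Accept only sources covered by what the ingress peer announced."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p)
               for p in PEER_TABLES.get(in_if, []))

def verdicts(src, in_if):
    """All three checks for one packet, for side-by-side comparison."""
    return {"loose": loose_urpf(src),
            "strict_global": strict_urpf(src, in_if),
            "per_peer": per_peer_urpf(src, in_if)}

if __name__ == "__main__":
    # Packets arriving on the peering link with constructed source addresses.
    for src in ("198.51.100.7", "198.51.100.200", "203.0.113.9", "10.1.2.3"):
        print(src, verdicts(src, "peer1"))
```

The loose check accepts `203.0.113.9` on the peering link because a route exists somewhere, while the strict check on the global table rejects `198.51.100.200` because its best path is via transit; only the per-peer check gets both right.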