nanog mailing list archives

Re: BCP38 making it work, solving problems


From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Tue, 12 Oct 2004 14:17:34 +0000 (GMT)


On Tue, 12 Oct 2004, Niels Bakker wrote:


* christopher.morrow () mci com (Christopher L. Morrow) [Tue 12 Oct 2004, 05:18 CEST]:
a common occurrence we've seen is a customer of a customer NOT
announcing, nor planning on announcing, their routes to their
upstream#1 which they use ONLY for outbound traffic (cheap transit for
instance, and perhaps only for some portions of their total sources)
though they announce to upstreams#2-N the proper sources to gather the
return traffic. These things make uRPF 'difficult'.

You could use uRPF-loose there, or the customer could do:

!
route-map outbound-only permit 10
 match prefix-list myprefixes
 set community no-export
!

this does not address the problem, the customer's customer isn't
announcing routes for this traffic so there is nothing to no-export :(
Example:

the 'chris.net' network is a customer of MCI, his customer "bakker.net".
'bakker.net' decides 'chris.net' has priced transit cheaply this
year/month/day and chooses not to accept traffic from 'chris.net' but send
all outbound traffic through 'chris.net'. 'chris.net' never sees routes
for the sources sending this traffic, yet passes it along to the upstream,
which also has no routes for 'bakker.net' via 'chris.net'.

Regardless, the point here is: "Things seem like they may be getting
better, as 'security' requirements are now firmly being included into new
equipment purchases."
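
An added example, not part of the original message or thread: a small Python model of the strict and loose uRPF decisions for the 'chris.net' / 'bakker.net' case described above. The prefixes (RFC 5737 documentation ranges), interface names and FIB contents are constructed assumptions.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation prefixes stand in for the
# networks named in the message; interface names are hypothetical.
CHRIS_NET = "198.51.100.0/24"   # chris.net's own space, announced to the upstream
BAKKER_NET = "192.0.2.0/24"     # bakker.net, announced only to upstreams #2-N

# The upstream's FIB: prefix -> interfaces its best routes point out of.
# bakker.net is reachable, but via a peer, never via the chris.net link.
FIB = {
    CHRIS_NET: {"cust-chris"},
    BAKKER_NET: {"peer-1"},
}

def lookup(fib, src):
    """Longest-prefix match on a source address; None if unrouted."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifs) for p, ifs in fib.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_pass(fib, src, in_iface, mode):
    """strict: the route back to src must use the arrival interface.
    loose: any route to src is enough, whatever interface it uses."""
    ifaces = lookup(fib, src)
    if ifaces is None:
        return False
    return True if mode == "loose" else in_iface in ifaces

def scenario():
    """Check three packets arriving on the chris.net customer link."""
    packets = {
        "chris.net host": "198.51.100.10",
        "bakker.net host": "192.0.2.10",      # outbound-only via chris.net
        "unrouted source": "203.0.113.10",    # no route anywhere in the FIB
    }
    return {(name, mode): urpf_pass(FIB, src, "cust-chris", mode)
            for name, src in packets.items() for mode in ("strict", "loose")}

if __name__ == "__main__":
    for (name, mode), ok in scenario().items():
        print(f"{name:16} {mode:6} {'pass' if ok else 'drop'}")
```

Loose mode passes the bakker.net packet only because a route for that prefix exists via another interface; any packet on the same link carrying a routed source passes the same way, so loose mode filters only unrouted sources.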

