nanog mailing list archives

Re: 10,352 active botnets (was Re: register.com down sev0?


From: Jack Bates <jbates () brightok net>
Date: Thu, 26 Oct 2006 16:38:49 -0500


Matthew Crocker wrote:

Maybe the new slogan needs to be "Save the Internet! Train the chimps!"

Shouldn't 'ip verify unicast source reachable-by rx' be a default setting on all interfaces? Only to be removed by trained chimps?


Only if you wish to break existing configurations during IOS upgrades. I could see ip verify unicast source reachable-by any (less breakage), but rx will kill all types of good asymmetric routing. The largest breakage I have seen caused by rx is the link IP breakage caused by the router responding out multiple interfaces. It's also a problem when customers are straddling the fence, purposefully using asymmetric routing.

It would be nicer to have router support where a packet is acceptable if its network is acceptable in the BGP (or IGP) policy/filter (i.e., network may not be there, but it is allowed) as well as the link addresses associated with the BGP (or IGP) peer.

-Jack
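
The three source checks discussed in this message, as an added Python model that is not part of the original post and is not router code: strict (`rx`), loose (`any`), and the policy-based acceptance suggested above. The FIB, the per-interface policy, the interface names and the function names are all constructed assumptions, and the model ignores multipath and default routes.

```python
import ipaddress

# Constructed FIB: prefix -> interface of the single best path back to it.
FIB = {
    "198.51.100.0/24": "ge0",  # dual-homed customer, best return path is ge0
    "192.0.2.0/24": "ge2",     # unrelated network reached via an upstream
    "10.0.1.0/30": "ge1",      # connected link subnet towards the ge1 peer
}
# Constructed policy: prefixes each peer is allowed to announce (installed
# or not), plus the link subnet associated with that peer.
POLICY = {
    "ge0": ["198.51.100.0/24"],
    "ge1": ["198.51.100.0/24", "203.0.113.0/24", "10.0.1.0/30"],
}

def best_interface(src):
    """Longest-prefix match of src in the FIB; None when there is no route."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def strict(src, in_if):
    """reachable-by rx: the best route back to src must point out in_if."""
    return best_interface(src) == in_if

def loose(src, in_if):
    """reachable-by any: a route to src must exist on some interface."""
    return best_interface(src) is not None

def policy_based(src, in_if):
    """Suggested check: src falls in a prefix the in_if peer may announce."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in POLICY.get(in_if, []))

def evaluate(src, in_if):
    """Return the verdict of all three checks for one packet."""
    return {"rx": strict(src, in_if), "any": loose(src, in_if),
            "policy": policy_based(src, in_if)}

if __name__ == "__main__":
    for pkt in [("198.51.100.10", "ge1"), ("192.0.2.7", "ge1"),
                ("203.0.113.5", "ge1"), ("10.0.1.2", "ge1")]:
        print(pkt, evaluate(*pkt))
```

In this model the asymmetric customer packet arriving on ge1 fails `rx` but passes the other two checks, while a source from unrelated routed space on ge1 passes `any` and is rejected only by `rx` and the policy check.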

