nanog mailing list archives
Re: Is it time to abandon bogon prefix filters?
From: Sean Donelan <sean () donelan com>
Date: Thu, 21 Aug 2008 20:03:19 -0400 (EDT)
On Tue, 19 Aug 2008, Kevin Loch wrote:
While you're at it, you also placed the reachable-via rx on all your customer interfaces. If you're paranoid, start with the 'any' rpf and then move to the strict rpf. The strict rpf also helps with routing loops. Be careful not to enable strict rpf on multihomed customers. This includes any bgp customer unless you know for sure they are single homed to you and that will not change.
Isn't it time to change the assumption that sending arbitrary source IP addresses without checking is Ok?
Unless the customer has specifically told their ISP about all the IP addresses they intend to use as source IP addresses, shouldn't the default be to drop those packets?
If those multi-homed customers have not told their upstream ISPs about additional source IP addresses (hopefully also registered/authorized for use by the same customer) why can they still send packets with those source addresses? Instead shouldn't you say "Be careful if you are using source IP addresses without informing your upstream."
In practice, how many multi-homed customers send packets with unannounced source IP addresses? And for those customers which do, why is the ISP unable to implement any of the alternative source IP checking options, such as using an ACL with uRPF or on the interface?
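As an added illustration (not part of the original post or thread), the Python sketch below models the source-address checks discussed in this message on a customer-facing interface: strict uRPF ("reachable-via rx"), loose uRPF ("any"), a per-interface ACL of registered source prefixes, and strict uRPF with an ACL fallback. The FIB contents, interface names and documentation-range prefixes are constructed assumptions.

```python
import ipaddress

# Constructed FIB for an ISP edge router: (prefix, interface of the best path).
FIB = [
    ("192.0.2.0/24", "cust0"),     # customer prefix announced to this ISP
    ("198.51.100.0/24", "peer0"),  # same customer's prefix, announced only via its other upstream
    ("203.0.113.0/24", "peer0"),   # unrelated third-party network
]
# Source prefixes the customer has told this ISP it will use (constructed).
REGISTERED = {"cust0": ["192.0.2.0/24", "198.51.100.0/24"]}

def lookup(src):
    """Longest-prefix match; returns the best-path interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in FIB:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def urpf_strict(src, ingress):
    # Pass only if the best route back to the source uses the ingress interface.
    return lookup(src) == ingress

def urpf_loose(src, ingress):
    # Pass if any route to the source exists, regardless of interface.
    return lookup(src) is not None

def acl(src, ingress):
    # Pass only if the source is in a prefix registered for this interface.
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in REGISTERED.get(ingress, []))

def strict_with_acl(src, ingress):
    # Strict uRPF, with the registered-prefix ACL as the exception list.
    return urpf_strict(src, ingress) or acl(src, ingress)

def evaluate(src, ingress="cust0"):
    checks = {"strict": urpf_strict, "loose": urpf_loose,
              "acl": acl, "strict+acl": strict_with_acl}
    return {name: fn(src, ingress) for name, fn in checks.items()}

if __name__ == "__main__":
    # Single-homed prefix, multihomed prefix, spoofed routable source, unrouted source.
    for src in ("192.0.2.10", "198.51.100.10", "203.0.113.9", "10.1.1.1"):
        print(src, evaluate(src))
```

In this model, strict uRPF alone drops the customer's legitimately held second prefix, loose uRPF accepts a spoofed but routable third-party source, and the registered-prefix ACL (alone or as a strict-mode fallback) passes both customer prefixes while dropping the other two.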