nanog mailing list archives

Re: Where is the edge of the Internet? Re: no ip forged-source-address


From: "alok" <alok.dube () apara com>
Date: Fri, 8 Nov 2002 01:01:33 +0530





there was a comment from chris saying..."never possible to know what networks
a bgp customer uplinks via you" which is very true.. ..so i assume u mean
non-bgp customers? loose or strict, rpf will not work for asymmetrically
connected bgp neighbouring AS....

----- Original Message -----
From: <bdragon () gweep net>
To: alok <alok.dube () apara com>
Cc: <nanog () nanog org>
Sent: Friday, November 08, 2002 12:41 AM
Subject: Re: Where is the edge of the Internet? Re: no ip
forged-source-address



I'm opposed to some of the suggestions where to put source address
filters, especially placing them in "non-edge" locations.  E.g. requiring
address filters at US border crossings is a *bad* idea, worthy of an
official visit from the bad idea fairy.

What is bad about filtering facing non-customers, if loose rpf is
used? I'm assuming this is what you mean by "border crossings" rather than
the literal.

--------->makes sense on the edge/aggregation but if you do it further up in
the network.....there may be some cases where we have asymmetric routing,
where the path of uplink is never the same as the path of the downlink, and
in fact the source network of the packet may never be present in the routing
table....(it is possible, after all it's a packet switched network and the
routing is destination IP based) ...

Right, which is why I specifically mentioned loose rpf, vs. strict rpf.

Even further up the customer chain, you'll still have a list of customer
networks (assuming folks are doing the right thing by filtering customer
bgp announcements) which could be used as an input to strict rpf.
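
Added example, not part of the thread: a small Python model of the three source checks discussed above (strict RPF, loose RPF, and a per-interface filter built from the customer prefix lists), run against an asymmetrically routed customer. The FIB, interface names and prefix lists are constructed for illustration and use documentation address ranges.

```python
import ipaddress

# Constructed FIB for one router: prefix -> interface of the best path.
# The customer on "cust2" is multihomed; its prefix 198.51.100.0/24 is
# best reached through "peerA", so its traffic arrives asymmetrically.
FIB = {
    "192.0.2.0/24": "cust1",
    "198.51.100.0/24": "peerA",
}

# Constructed per-interface customer prefix lists, i.e. the same lists
# used to filter each customer's BGP announcements.
CUSTOMER_PREFIXES = {
    "cust1": ["192.0.2.0/24"],
    "cust2": ["198.51.100.0/24"],
}

def fib_lookup(src):
    """Longest-prefix match; returns the best-path interface or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in FIB.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def strict_rpf(src, in_if):
    """Pass only if the best route back to src points out in_if."""
    return fib_lookup(src) == in_if

def loose_rpf(src, in_if):
    """Pass if any route to src exists, whatever the interface."""
    return fib_lookup(src) is not None

def prefix_list_rpf(src, in_if):
    """Pass if src falls inside the prefixes filtered for in_if."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p)
               for p in CUSTOMER_PREFIXES.get(in_if, []))

def evaluate(src, in_if):
    """Return the verdict of each check for one packet."""
    return {f.__name__: f(src, in_if)
            for f in (strict_rpf, loose_rpf, prefix_list_rpf)}
```

In this model, legitimate traffic from 198.51.100.7 arriving on cust2 fails strict RPF but passes the other two checks, while a packet on cust2 claiming cust1's address 192.0.2.5 passes loose RPF and is only caught by the prefix-list check.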





