Re: Lazy Engineers and Viable Excuses

["Stephen J. Wilcox" <steve () telecomplete co uk>]

On Tue, 26 Aug 2003, Leo Bicknell wrote:

> In a message written on Tue, Aug 26, 2003 at 10:43:00AM -0400, Jared Mauch wrote:
> >     Yes I could, if you and your customers had all the routes
> > they sourced packest from registered.  This has nothing to do
> > with routing 101, this has to do with filtering customers and
> > having anti-spoofing filters as well as route objects for any
> > prefix you will source packets from.  
>
>
>          ___T1 to Verio, With BGP____Verio______
>         /                                       \
> Customer                                         UUnet
>         \                                       /
>          ---T1 to Sprint, No BGP-----Sprint-----
>
> Now, the customer, over their two T1 transit circuits does the
> following:
>
> as-path access-list 1 deny .*
>
> neighbor verio filter-list 1 in
>
> ip route 0.0.0.0 0.0.0.0 sprint
>
> Should the customer have to register a route with Sprint to make
> this work?  How does UUNet, who only received a route from Verio,
> know incoming packets from Sprint aren't spoofed?  Note also, even
> if these cases are in the IRR, UUNet's filter for Sprint will be
> larger than the number of routes currently received, since there is
> no route for this prefix that needs to be in the filter.
>
> [Note, I don't suggest this configuration is common or useful on
> its own, but rather it's a simple enough case it can be used for
> discussion in e-mail.]

Hmm this isnt a real world scenario tho.. if you multihome there should be BGP 
on both paths..

In the example above Sprint arent accepting or sourcing a route so there is no
issue on routes being passed into Sprint or UUNET and we're talking here about
spoofing of routes not packets

Steve