nanog mailing list archives
Re: aggregation & table entries
From: Stephen Stuart <stuart () tech org>
Date: Wed, 13 Oct 2004 14:26:32 -0700
The second is a harder problem, because of the business decisions of some providers to source packets from prefixes that they do not announce.i presume you are not intending to recommend that i drop packets that multi-homed customers hand me when they have also asked me to de-pref the prefix from which they come? i might be their backup for inbound, but they need to balance their outbound.
No, I'm not recommending that. In the example that you give, the prefix from which the packets in question will be sourced *is* offered as a destination? Assuming yes, then regardless of whether that offer is selected as the best to use to reach the destination or not, the edge router that needs to make the decision to accept or reject packets sourced in that prefix can use its knowledge that the offer was made to accept packets. The problem is differentiating these two cases: 1. the offer of a route to a prefix is not made but packets sourced in that prefix are legitimate and are expected to be forwarded; the reverse path is only available through a different AS 2. the source address is spoofed; packets are not legitimate and should be dropped Once upon a time, I tried to enable loose-mode uRPF on a peering interface, effectively treating #1 as #2. The complaints were relatively instantaneous (at 2am local for me, a traffic-low time), and not localized to a specific source prefix (the majority were residential broadband users); I wound up turning the loose-mode uRPF check off in fairly short order. Attempts to discover why #1 was happening ended with technical people shrugging their shoulders and saying that the money people made them do it. Stephen
Current thread:
- Re: BCP38 making it work, solving problems, (continued)
- Re: BCP38 making it work, solving problems Paul Vixie (Oct 13)
- Re: BCP38 making it work, solving problems Stephen J. Wilcox (Oct 13)
- aggregation & table entries bmanning (Oct 13)
- Re: aggregation & table entries Stephen Stuart (Oct 13)
- Re: aggregation & table entries bmanning (Oct 13)
- Re: aggregation & table entries joshua sahala (Oct 13)
- Re: aggregation & table entries Kevin Oberman (Oct 13)
- Re: aggregation & table entries bmanning (Oct 13)
- Re: aggregation & table entries Joe Provo (Oct 13)
- Re: aggregation & table entries Randy Bush (Oct 13)
- Re: aggregation & table entries Stephen Stuart (Oct 13)
- Re: aggregation & table entries Randy Bush (Oct 13)
- Re: aggregation & table entries Stephen Stuart (Oct 13)
- Re: aggregation & table entries Randy Bush (Oct 13)
- Re: aggregation & table entries Stephen Stuart (Oct 13)
- Re: aggregation & table entries Michael . Dillon (Oct 14)
- Re: aggregation & table entries Pekka Savola (Oct 13)
- Re: aggregation & table entries Daniel Roesen (Oct 14)
- Re: aggregation & table entries Pekka Savola (Oct 14)
- Re: aggregation & table entries Daniel Roesen (Oct 14)
- Re: aggregation & table entries Iljitsch van Beijnum (Oct 14)