nanog mailing list archives
Re: Todd Underwood was a little late
From: Steve Bertrand <steve () ipv6canada com>
Date: Fri, 18 Jun 2010 08:37:24 -0400
On 2010.06.17 17:10, William Herrin wrote:
On Thu, Jun 17, 2010 at 12:38 AM, Roy <r.engehausen () gmail com> wrote:On 6/16/2010 7:43 PM, Jon Lewis wrote:With a larger network, multiple IP blocks, ***numerous multihomed customers***, some of which use IP's we've assigned them, it gets a little more complicated to do. I could reject at our border, packets sourced from our IP ranges with exceptions for any of the IP blocks we've assigned to multihomed customers.Sounds like a good use of URPF.Reverse path filtering + asymmetric routing = epic fail. Jon did say Multihomed customer.
What RPF can do in this case though, is pro-actively prevent possible future problems. If all IP blocks are tied down to null, and urpf is enabled in loose mode on an interface, it will catch cases where someone is sourcing traffic to you using IPs from the unassigned space that you have in your free pools. Every month or so I re-route my blackholed traffic to a sinkhole, and more often than not, I see some ingress traffic from my unassigned space. Steve
Current thread:
- Todd Underwood was a little late Jon Lewis (Jun 16)
- Re: Todd Underwood was a little late Mark Andrews (Jun 16)
- Re: Todd Underwood was a little late Jon Lewis (Jun 16)
- Re: Todd Underwood was a little late Mark Andrews (Jun 16)
- Re: Todd Underwood was a little late Roy (Jun 16)
- Re: Todd Underwood was a little late Garrett Skjelstad (Jun 16)
- Re: Todd Underwood was a little late Brian Feeny (Jun 17)
- Re: Todd Underwood was a little late William Herrin (Jun 17)
- Re: Todd Underwood was a little late Steve Bertrand (Jun 18)
- Re: Todd Underwood was a little late Chris Adams (Jun 18)
- Re: Todd Underwood was a little late Steve Bertrand (Jun 18)
- Re: Todd Underwood was a little late William Herrin (Jun 18)
- Re: Todd Underwood was a little late Steve Bertrand (Jun 18)
- Re: Todd Underwood was a little late William Herrin (Jun 18)
- Re: Todd Underwood was a little late Jon Lewis (Jun 16)
- Re: Todd Underwood was a little late Mark Andrews (Jun 16)
- Re: Todd Underwood was a little late Owen DeLong (Jun 17)
- Re: Todd Underwood was a little late Frank Habicht (Jun 18)
- Re: Todd Underwood was a little late Christopher Morrow (Jun 17)