Re: no ip forged-source-address

(no email)
Date: Wed Oct 30 2002 - 11:20:58 EST


On Wed, 30 Oct 2002, Daniel Senie wrote:

> BCP 38 is quite explicit in the need for all networks to do their part. The
> document is quite effective provided there's cooperation.

Doesn't seem to be working.
 
> Which interface would you filter on?

Customer ingress ports on the ISP side, which I suspect are the majority
of ports in ISP networks. Hopefully engineers on the backbone will be
clueful enough to turn it off.

> If we're talking about a router at the customer premesis, the filters
> should be on the link to the ISP (the customer may well have more
> subnets internally). At the ISP end, doing the filtering you suggest
> would not work, since it'd permit only the IP addresses of the link
> between the customer and user.

The routing table of the router should be used to build up a list of
prefixes that you should see through the interface. In this way, you
could apply it to BGP customers too without having to create filters by
hand.

Regards,

Rich








Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD