Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: NSPs filter?

  • From: Hank Nussbacher
  • Date: Mon Aug 05 13:51:47 2002

On Mon, 5 Aug 2002, Barry Raveendran Greene wrote:

> But, what if you could "strict mode" packet filter on the ISP-ISP side? Lets
> say there was a dynamic uRPF filter that checked the source addresses
> against the eBGP routes coming into a link. In other words, if the source
> address from an ISP does not match the eBGP prefixes coming across from the
> peer, the packet would drop. So if some /8 prefixes are filtered on the eBGP
> side, they would get dropped on the ISP-ISP peering interface. For example,
> if I only send routes from AS X, then any packet whose source address is
> outside of AS X (say from AS Y) would not pass the uRPF check - resulting in
> a drop. Since this is based on the dynamics of the eBGP prefixes coming
> across the peering session, it would allow a "strict mode like" uRPF packet
> filtering on the ISP-ISP edge (with all the asymmetry found on the ISP-ISP
> edge).

How would this work for BGP Conditional Advertisement as per page 118 of
"Cisco ISP Essentials?"

:-)
Hank

> 
> The question is whether this is something people would want as an option. A
> uRPF mode that would enforce a peering agreement with dynamic packet
> filtering (dynamic is based on the eBGP advertisements that get throughthe
> peering filter).
> 
> Barry
> 







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.