Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: no ip forged-source-address

  • From: variable@ednet.co.uk
  • Date: Wed Oct 30 11:23:25 2002

On Wed, 30 Oct 2002, Daniel Senie wrote:

> BCP 38 is quite explicit in the need for all networks to do their part. The 
> document is quite effective provided there's cooperation.

Doesn't seem to be working.
 
> Which interface would you filter on? 

Customer ingress ports on the ISP side, which I suspect are the majority
of ports in ISP networks.  Hopefully engineers on the backbone will be
clueful enough to turn it off.

> If we're talking about a router at the customer premesis, the filters
> should be on the link to the ISP (the customer may well have more
> subnets internally). At the ISP end, doing the filtering you suggest
> would not work, since it'd permit only the IP addresses of the link
> between the customer and user.

The routing table of the router should be used to build up a list of 
prefixes that you should see through the interface.  In this way, you 
could apply it to BGP customers too without having to create filters by 
hand.

Regards,


Rich





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.