North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: no ip forged-source-address
- From: email@example.com
- Date: Wed Oct 30 11:23:25 2002
On Wed, 30 Oct 2002, Daniel Senie wrote:
> BCP 38 is quite explicit in the need for all networks to do their part. The
> document is quite effective provided there's cooperation.
Doesn't seem to be working.
> Which interface would you filter on?
Customer ingress ports on the ISP side, which I suspect are the majority
of ports in ISP networks. Hopefully engineers on the backbone will be
clueful enough to turn it off.
> If we're talking about a router at the customer premesis, the filters
> should be on the link to the ISP (the customer may well have more
> subnets internally). At the ISP end, doing the filtering you suggest
> would not work, since it'd permit only the IP addresses of the link
> between the customer and user.
The routing table of the router should be used to build up a list of
prefixes that you should see through the interface. In this way, you
could apply it to BGP customers too without having to create filters by