North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: 69/8...this sucks -- Centralizing filtering..
- From: Jack Bates
- Date: Mon Mar 10 14:02:07 2003
From: "Mark Segal"
> Since most service providers should be thinking about a sink hole network
> for security auditing (and backscatter), why not have ONE place where you
> advertise all unreachable, or better yet -- a default (ie everything NOT
> learned through BGP peers), and just forward the packets to a bit bucket..
> Which is better than an access list since, now we are forwarding packets
> instead of sending them to a CPU to increase router load.
>
It would be nice if vendors had a variant to (in cisco terms) ip verify
unicast reverse-path that would work in asymmetrical networks. If you only
have a single link to the internet, the command works well, but then why
would you ever run bgp for a single uplink?
-Jack
|
