North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: icmp rpf
- From: Bill Stewart
- Date: Wed Sep 27 19:08:31 2006
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=pVUAt59CQQu1HCxT6eXfPcrZJoOAyrilEKy9Z6rPi5RmUiyi9xKpBnbSYPwKAW0qy+IJ7q/j8k08AGkw0QM3fFuqKXwupIPxC/SoaKUxJTGmA8VwRsh+naS9Oayw3PIlI2xTQ5ZyhSRe5DVFXkPzumoOX6fdH17koNwYPGnyNcA=
Possible approach for small.net - ok, you know that big.net will drop
any packets sourced from x.x.x.x if there's no route there (loose uRPF
for downstream ISPs like small.net, strict uRPF for end-users.) So
give them a route. Either give them a route on one of your direct
interfaces to them, and then get rid of the packets by ACL or by
null-routing it, or if that causes too much trouble, get yourself a
56kbps line from a spare router and advertise it from there.
|
