Todd Underwood was a little late
steve at ipv6canada.com
Fri Jun 18 07:37:24 CDT 2010
On 2010.06.17 17:10, William Herrin wrote:
> On Thu, Jun 17, 2010 at 12:38 AM, Roy <r.engehausen at gmail.com> wrote:
>> On 6/16/2010 7:43 PM, Jon Lewis wrote:
>>> With a larger
>>> network, multiple IP blocks, ***numerous multihomed customers***, some of which
>>> use IPs we've assigned them, it gets a little more complicated to do.
>>> I could reject at our border, packets sourced from our IP ranges with
>>> exceptions for any of the IP blocks we've assigned to multihomed customers.
>> Sounds like a good use of URPF.
> Reverse path filtering + asymmetric routing = epic fail. Jon did say
> Multihomed customer.
What RPF can do in this case though, is pro-actively prevent possible
If all IP blocks are tied down to null, and urpf is enabled in loose
mode on an interface, it will catch cases where someone is sourcing
traffic to you using IPs from the unassigned space that you have in your
Every month or so I re-route my blackholed traffic to a sinkhole, and
more often than not, I see some ingress traffic from my unassigned space.
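
An added example, not part of the original post: a simplified Python model of the check discussed in this thread, with aggregates tied down to Null0 and more-specific routes for assigned space, comparing loose and strict uRPF on a border interface. The prefixes (documentation ranges), interface names and the `urpf` function are constructed for illustration, and real router behaviour has more options than this model covers.

```python
import ipaddress

# Constructed table using documentation prefixes; interface names are made up.
ROUTES = [(ipaddress.ip_network(p), i) for p, i in [
    ("198.51.100.0/24", "Null0"),      # our aggregate, tied down to null
    ("198.51.100.0/26", "cust-a"),     # assigned to a multihomed customer
    ("198.51.100.64/26", "core"),      # assigned internally
    ("203.0.113.0/24", "upstream"),    # stands in for routes learned externally
]]


def best_route(src):
    """Longest-prefix match for a source address; None if no route covers it."""
    addr = ipaddress.ip_address(src)
    hits = [(n, i) for n, i in ROUTES if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def urpf(src, ingress, mode="loose"):
    """Return (verdict, reason) for a packet with source `src` seen on `ingress`."""
    route = best_route(src)
    if route is None:
        return ("drop", "no route to source")
    net, iface = route
    if iface == "Null0":
        # Only the null-routed aggregate covers this source: unassigned space.
        return ("drop", f"source in unassigned space ({net} -> Null0)")
    if mode == "strict" and iface != ingress:
        # Strict mode also requires the return path to use the ingress interface,
        # which is what breaks with asymmetric routing and multihomed customers.
        return ("drop", f"route to source points at {iface}, not {ingress}")
    return ("pass", f"source reachable via {iface}")


if __name__ == "__main__":
    # Constructed packets, all arriving on the border ("upstream") interface.
    for src in ("198.51.100.10", "198.51.100.200", "203.0.113.5", "192.0.2.1"):
        for mode in ("loose", "strict"):
            print(src, mode, *urpf(src, "upstream", mode))
```

In this model the multihomed customer's traffic arriving via the border passes in loose mode and is dropped in strict mode, while a source inside the aggregate that matches only the Null0 route is dropped in both.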