Where is the edge of the Internet?
alok.dube at apara.com
Tue Nov 5 07:56:04 UTC 2002
see inline :o),
----- Original Message -----
From: Martin <marty at supine.com>
To: <nanog at nanog.org>
Sent: Tuesday, November 05, 2002 12:59 PM
Subject: Re: Where is the edge of the Internet?
$author = "alok" ;
> makes sense on the edge/aggregation but if you do it further up in
> the network.....there may be some cases where we have asymmetric routing,
> where the path of uplink is never the same as the path of the downlink
hence the suggestion of "reachable-via any" rather than "route to source IP
must be out the interface packet came in" in the scenario you paint. it's
hard to block spoofed source addresses that actually exist in the routing
table except at the "edges", hence the discussion about where the "edge"
=====> ..he does cover it in the cisco docs...but then that means only the
edges..which means deployment problems and blah blah .... i was answering
the question as to why not on the "non customer facing side"......
if you pick the right places to implement filtering there is no need to do
it to all routers.
====> they will charge you a whopping sum for that "picking places" bit ;o)
... i agree that the best place to actually address such scenarios is the
"backbone"/"peering points"/"borders" where all traffic is seen..rather than
go around tinkering at all edges..but i don't know how RPF would address the
asymmetry there.. but at the edges...deployment costs is a problem..i
think...don't ask me if i have a better idea :o) i would be writing a paper
if i did.....
> in fact the source network of the packet may never be present in the
> table....(it is possible, after all its a packet switched network and the
> routing is destination IP based) ...
ummmm, if the source address isn't in the routing table why would we bother
carrying the packet a single hop further?
=======> coz the destination network is there..... its still a viable config
isn't it..in case of asymmetric uplinks and downlinks? ......wht stops u from
"not having a route to the source" as routing is destination IP based...
some particular network may be covered with 0.0.0.0/0 for example and you
may have no routing entry for it... or you could be having a customer who
uplinks a particular network segment via your ISP, but doesn't advertise his
network to you as he actually downlinks that network from somewhere
else...nothing to stop that topology either.........right?
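
The strict ("route to source IP must be out the interface packet came in") and loose ("reachable-via any") checks debated in this message, modelled as an added example that is not part of the original post. The FIB, interface names and addresses are constructed, and the `allow_default` switch is an assumption of this model for sources covered only by 0.0.0.0/0.

```python
import ipaddress

# Constructed FIB for a hypothetical ISP router: (prefix, egress interface).
FIB = [
    ("0.0.0.0/0", "upstream0"),      # default route
    ("198.51.100.0/24", "cust1"),    # customer prefix, symmetric path
    ("203.0.113.0/24", "peer0"),     # downlinked via peer0, uplinked via cust2
]

def lookup(fib, addr):
    """Longest-prefix match: return (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_accept(fib, src, in_if, mode, allow_default=False):
    """strict: best route to src must point out in_if; loose: any route will do."""
    hit = lookup(fib, src)
    if hit is None:
        return False
    net, ifname = hit
    if net.prefixlen == 0 and not allow_default:
        return False                 # covered only by 0.0.0.0/0
    return ifname == in_if if mode == "strict" else True

# Constructed packets: (label, source address, arrival interface).
CASES = [
    ("symmetric customer", "198.51.100.7", "cust1"),
    ("asymmetric uplink", "203.0.113.9", "cust2"),
    ("source only under default", "192.0.2.50", "cust2"),
    ("spoofed but routable source", "203.0.113.9", "cust1"),
]

def run_cases(fib=FIB, allow_default=False):
    """Return {label: (strict_verdict, loose_verdict)} for every case."""
    return {label: (urpf_accept(fib, src, in_if, "strict", allow_default),
                    urpf_accept(fib, src, in_if, "loose", allow_default))
            for label, src, in_if in CASES}

if __name__ == "__main__":
    for label, (strict, loose) in run_cases().items():
        print(f"{label:30} strict={strict!s:5} loose={loose}")
```

Loose mode lets the asymmetric flow through but also accepts the spoofed source that exists in the table, while strict mode drops both; that trade-off is why the placement of the check matters.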