Where is the edge of the Internet? Re: no ip forged-source-address

bdragon at gweep.net bdragon at gweep.net
Thu Nov 7 22:09:45 UTC 2002


> fine now? u can put "loose"...its NO USE!! thats what i said..there will
> always be a route to the source....all u may drop is 10.x/192.168 and
> 172/16-31......that too if ur network isnt internally using it....
> 
> and if u end up putting "loose" an OSPF router ull drop valid traffic if ur
> not redistributing bgp etc..and if u are redistributing...well again the
> above argument holds true...every registered network will be there in BGP
> .....
> 
> -rgds
> Alok

Since you appear to have not looked into the various implementations of
RPF, I'll help you out.

RPF uses the FIB; the FIB is populated by all the RIBs; therefore OSPF
vs. BGP is a red herring.

In the case you describe, you can use semi-strict RPF, populated with all
of the networks associated with the customer. This would allow sources
from the customer, regardless of path back to those sources, still drop other
paths from which there is no path back to the source via the customer, is
more efficient than ACLs, and you already have the data if you are filtering
their route announcements.
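
The three RPF behaviours discussed in this thread, compared side by side in a simplified model. This is an added example, not part of the original post and not any vendor's implementation. The prefixes (documentation ranges), the interface names `cust0`/`transit0`, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed FIB: prefix -> best-path egress interface. One table, no matter
# which RIB (OSPF, BGP, static) supplied each route.
FIB = {
    "198.51.100.0/24": "transit0",  # customer prefix whose best path points at transit
    "203.0.113.0/24": "cust0",      # customer prefix, best path via the customer link
    "192.0.2.0/24": "transit0",     # unrelated registered network
}

# Networks associated with the customer on each interface: the same data
# already used to filter that customer's route announcements.
CUSTOMER_NETS = {"cust0": ["198.51.100.0/24", "203.0.113.0/24"]}


def fib_lookup(src):
    """Longest-prefix match on the source; returns the egress interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def rpf_accept(mode, src, in_if):
    """True if a packet with source `src` arriving on `in_if` passes the check."""
    if mode == "strict":       # best path back must use the arrival interface
        return fib_lookup(src) == in_if
    if mode == "loose":        # any route back to the source is enough
        return fib_lookup(src) is not None
    if mode == "semi-strict":  # source must be one of this customer's networks
        addr = ipaddress.ip_address(src)
        nets = CUSTOMER_NETS.get(in_if, [])
        return any(addr in ipaddress.ip_network(p) for p in nets)
    raise ValueError(f"unknown mode: {mode}")


def compare(src, in_if):
    """Verdict of every mode for one packet."""
    return {m: rpf_accept(m, src, in_if) for m in ("strict", "loose", "semi-strict")}


if __name__ == "__main__":
    for src in ("203.0.113.5", "198.51.100.7", "192.0.2.9", "10.1.2.3"):
        print(src, compare(src, "cust0"))
```

In this model the customer source whose best path is via transit fails strict but passes semi-strict, while a forged source from another registered network passes loose but fails semi-strict.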



