Who does source address validation? (was Re: what's that smell?)
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Oct 8 15:58:23 UTC 2002
On Tue, 08 Oct 2002 09:34:19 MDT, Danny McPherson <danny at tcb.net> said:
> > "ip verify unicast source reachable-via any"
> Of course, this is the IP RIB and may not include all the
> potential paths in the BGP Adj-RIBs-In, right? As such,
> you've still got the potential for asymmetric routing to
> break things.
"reachable-via any" means you're only going to drop the packet if you
don't have *ANY* route back to them. I think that if you're in a situation
where you have asymmetric routing, and have a packet coming in on one path
that you theoretically COULD send to the destination, and the destination
has an alternate-path route back to the source, *but you don't have ANY route*,
then you're already in a "broken" state anyhow.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20021008/521dc40b/attachment.sig>
More information about the NANOG
mailing list