69/8...this sucks -- Centralizing filtering..

Jack Bates jbates at brightok.net
Mon Mar 10 19:02:10 UTC 2003


From: "Mark Segal"

> Since most service providers should be thinking about a sink hole network
> for security auditing (and backscatter),  why not have ONE place where you
> advertise all unreachable, or better yet -- a default (ie everything NOT
> learned through BGP peers), and just forward the packets to a bit bucket..
> Which is better than an access list since, now we are forwarding packets
> instead of sending them to a CPU to increase router load.
>
It would be nice if vendors had a variant to (in Cisco terms) ip verify
unicast reverse-path that would work in asymmetrical networks. If you only
have a single link to the Internet, the command works well, but then why
would you ever run BGP for a single uplink?

-Jack
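
Added example (not part of the original post or thread): a small Python model of the two ideas discussed above, a sinkhole default for everything not learned from peers and a strict reverse-path check, showing the strict check dropping a legitimate packet when the return path is asymmetric. The interface names, the constructed FIB and the relaxed_rpf helper are assumptions made for illustration, not vendor commands.

```python
import ipaddress

SINK = "sinkhole"  # hypothetical name for the bit-bucket next hop


def build_fib(routes):
    """Turn (prefix, interface) pairs into a table sorted longest prefix first."""
    fib = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
    return sorted(fib, key=lambda r: r[0].prefixlen, reverse=True)


def lookup(fib, addr):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    for net, ifc in fib:
        if ip in net:
            return ifc
    return None


def strict_rpf(fib, src, in_if):
    """Strict check: the best route back to src must leave via the arrival interface."""
    return lookup(fib, src) == in_if


def relaxed_rpf(fib, src):
    """Assumed relaxation: src needs a real route on any interface.
    The sinkhole default must not count, or every source would pass."""
    return lookup(fib, src) not in (None, SINK)


# Constructed FIB for a router with two uplinks (documentation prefixes).
FIB = build_fib([
    ("0.0.0.0/0", SINK),                # everything NOT learned from peers
    ("198.51.100.0/24", "uplink_a"),    # best path to this prefix is uplink A
    ("203.0.113.0/24", "uplink_b"),
    ("192.0.2.0/24", "customer"),
])

# Constructed arrivals: (source address, interface the packet came in on).
ARRIVALS = [
    ("198.51.100.7", "uplink_a"),  # symmetric path
    ("198.51.100.7", "uplink_b"),  # legitimate, but arrives via the other uplink
    ("10.9.9.9", "uplink_a"),      # source has no route except the sinkhole default
]

if __name__ == "__main__":
    for src, ifc in ARRIVALS:
        print(src, ifc, "strict:", strict_rpf(FIB, src, ifc),
              "relaxed:", relaxed_rpf(FIB, src))
    print("10.9.9.9 forwards to", lookup(FIB, "10.9.9.9"))
```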



