69/8...this sucks -- Centralizing filtering..
Jack Bates
jbates at brightok.net
Mon Mar 10 19:02:10 UTC 2003
From: "Mark Segal"
> Since most service providers should be thinking about a sink hole network
> for security auditing (and backscatter), why not have ONE place where you
> advertise all unreachable, or better yet -- a default (i.e. everything NOT
> learned through BGP peers), and just forward the packets to a bit bucket..
> Which is better than an access list since, now we are forwarding packets
> instead of sending them to a CPU to increase router load.
>
It would be nice if vendors had a variant to (in Cisco terms) ip verify
unicast reverse-path that would work in asymmetrical networks. If you only
have a single link to the internet, the command works well, but then why
would you ever run BGP for a single uplink?
-Jack
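
An added example, not part of the original post: a simplified model of the strict reverse-path check discussed above, showing why it passes legitimate traffic on a single uplink but drops it when a multihomed network's return path is asymmetric. The `Fib` helper, interface names and prefixes (documentation ranges) are constructed for illustration, and the model considers only the single best route.

```python
import ipaddress


class Fib:
    """Minimal longest-prefix-match table: prefix -> egress interface (hypothetical helper)."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        matches = [(net, ifc) for net, ifc in self.routes if ip in net]
        if not matches:
            return None
        # Longest prefix wins, as in a real forwarding table.
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def strict_urpf_accepts(fib, src, in_ifc):
    """Accept only if the best route back to src leaves via the arrival interface."""
    return fib.lookup(src) == in_ifc


# Constructed topologies. 192.0.2.0/24 is a customer; 198.51.100.0/24 is a remote network.
SINGLE_HOMED = Fib([("192.0.2.0/24", "cust-1"), ("0.0.0.0/0", "uplink-a")])
# Multihomed: BGP prefers uplink-a toward the remote network, default goes to uplink-b.
MULTI_HOMED = Fib([
    ("192.0.2.0/24", "cust-1"),
    ("198.51.100.0/24", "uplink-a"),
    ("0.0.0.0/0", "uplink-b"),
])


def demo():
    remote = "198.51.100.7"    # legitimate remote host
    spoofed = "203.0.113.9"    # source address the customer does not own
    return {
        # Single uplink: the only way back is the way the packet came in.
        "single_homed_legit": strict_urpf_accepts(SINGLE_HOMED, remote, "uplink-a"),
        # Customer edge: spoofed source fails the check, which is the intended effect.
        "customer_spoofed": strict_urpf_accepts(MULTI_HOMED, spoofed, "cust-1"),
        # Remote host's traffic arrives on the uplink we also use to reach it.
        "multi_symmetric": strict_urpf_accepts(MULTI_HOMED, remote, "uplink-a"),
        # Same legitimate host, but its provider hands traffic to our other uplink.
        "multi_asymmetric": strict_urpf_accepts(MULTI_HOMED, remote, "uplink-b"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'drop'}")
```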