aggregation & table entries

• Previous message (by thread): aggregation & table entries
• Next message (by thread): aggregation & table entries
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 14 Oct 2004, Daniel Roesen wrote:
> On Thu, Oct 14, 2004 at 08:05:50AM +0300, Pekka Savola wrote:
> > If you do 'feasible path strict uRPF' as described in BCP84 (I don't
> > know if others than Juniper are providing that), you can enable strict
> > uRPF toward those customers, still de-pref them, and accept the
> > packets with correct source addresses.
> > 
> > That's what we do with our customers whether multihomed or not.
> 
> And what do you do with a BGP customer which sends you traffic from
> prefixes he doesn't want to announce to you? There are such customers.
> Fail filter ACL?

Good point.

It could be doable with fail-filter ACL, but we don't have any of 
these, so it'd be just a silent discard.

Honestly, I fail to see this as a big problem.  If they don't want to
announce the prefix to us, why would they want to source traffic from
that prefix to us?  The inbound traffic engineering is the more tricky
business, not the outbound.  If they want to keep the link usage low,
they could just send it with no-export or no-advertise, or suitably
prepended.

Except for really wacky asymmetric multihoming cases, I'd expect that
some customers might actually want 'restricted' or 'internal' traffic
to be discarded (compare to RFC1918 sourced traffic from enterprises,
because they use RFC1918 but don't set up the discarding ACLs on their
own).

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

• Previous message (by thread): aggregation & table entries
• Next message (by thread): aggregation & table entries
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]