URPF on small BGP-enabled customers?

• Previous message (by thread): URPF on small BGP-enabled customers?
• Next message (by thread): URPF on small BGP-enabled customers?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jun 3, 2005, at 10:52 AM, Christopher L. Morrow wrote:

> On Fri, 3 Jun 2005, Patrick W. Gilmore wrote:
>
>> Perhaps a simpler way is to announce your entire allocation and put
>> no-export on things you want to come in your other provider?  ^1239$
>
> or perhaps 'no-advertise' and send the same length prefixes  
> everywhere...
> this IS headed down the 1000 ways to config bgp  though :(

It is.

Although, after reading the thread (here & on c-nsp) and thinking  
about it, I have a hypothesis:

Sprint configures inbound source IP filters based on BGP filters.   
This could be automated easily.  (BGP Tech: "What prefixes are you  
going to announce to us?" type-type-type....  System pushes prefix  
and IP ACLs.)  Sound reasonable?  Anyone from Sprint care to confirm?

So even if you do not plan to announce all prefixes to Sprint, give  
them all prefixes so you can announce them, and the IP ACLs will be  
built properly.

-- 
TTFN,
patrick

• Previous message (by thread): URPF on small BGP-enabled customers?
• Next message (by thread): URPF on small BGP-enabled customers?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]