[c-nsp] URPF MAC check
Saku Ytti
saku at ytti.fi
Fri Nov 23 06:18:12 EST 2012
On (2012-11-23 11:06 +0000), Dobbins, Roland wrote:
> I guess I don't understand what you mean by this . . .
What he means is you have neighbour 1.2.3.4 and 1.2.3.5.
1.2.3.4 is advertising 10.10.10.0/24
1.2.3.5 is advertising 10.10.20.0/24
Today he'll accept 10.10.10.0 from 1.2.3.5, he wants to stop this.
He already knows MAC address of 1.2.3.4, so he'd like to verify that
10.10.10.0 is coming from expected SMAC.
It's certainly technically doable, at least in platforms like ASR1k, ASR9k,
MX.
But is SMAC trusted, does IXP filter? And is there wider demand?
Buy 10k boxes from vendor, and you'd probably get it.
--
++ytti
More information about the cisco-nsp
mailing list