Re: [nsp] ip verify unicast reverse-path

From: Danny Sutantyo (dsutanty@dsutanty-wkst.sc.intel.com)
Date: Thu Jun 07 2001 - 00:33:46 EDT


thanks for the info...
DS

On Wed, 6 Jun 2001, R.P. Aditya wrote:

> On Wed, Jun 06, 2001 at 10:28:41PM +0200, Gert Doering wrote:
> > > How do you implement this? and what's the side effect?
> ...
> > It has no adverse side effects, and it stops your customers from spoofing
> > foreign IP addresses without the need for you to maintain access lists.
>
> As long as you only put it right at the edge, it doesn't have any adverse
> side-effects unless your customer is multihomed. There has been a bit of
> discussion on the adverse effects of indiscriminate usage of RPF on both NANOG
> and cisco-nsp.
>
> You might find the Cisco document referenced in:
>
> http://puck.nether.net/lists/cisco-nsp/3527.html
>
> useful in the more general case. It has an updated URL of:
>
> http://www.cisco.com/public/cons/isp/documents/uRPF_Enhancement.pdf
>
> For a historical oops:
>
> http://www.cctec.com/maillists/nanog/historical/9903/msg00124.html
> http://www.cctec.com/maillists/nanog/historical/9903/msg00125.html
>
> Adi
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:40 EDT