[c-nsp] URPF MAC check
Dobbins, Roland
rdobbins at arbor.net
Fri Nov 23 07:12:32 EST 2012
On Nov 23, 2012, at 6:58 PM, Saku Ytti wrote:
> If 10.10.20.0 attacks/dosses you, you know which peer sent it.
Can we learn that via taps/SPAN/FNF/IPFIX w/PSAMP, all of which ought to give us access to the relevant layer-2 information?
uRPF implies dropping packets based upon some potentially dynamic criteria. What would be the drop/pass criteria?
Would adding MAC address filtering to PACLs do the trick? In other words, would static policies be sufficient?
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton