[c-nsp] URPF MAC check

Gert Doering gert at greenie.muc.de
Fri Nov 23 07:16:50 EST 2012


Hi,

On Fri, Nov 23, 2012 at 01:58:48PM +0200, Saku Ytti wrote:
> On (2012-11-23 11:45 +0000), Dobbins, Roland wrote:
> 
> > It may well be that multiple interfaces would ARP for that source (also, this implies a lot of layer-2 chatter which would be prohibitive, IMHO).
> > 
> > What's the ultimate problem we're trying to solve?  Traffic dumping?
> 
> If 10.10.20.0 attacks/dosses you, you know which peer sent it.

You do?

I don't.  I see an outgoing best path to one of my peers.  But I have no
idea who is sending it *to* me - especially given multihomed customers of
my peers, I might see the path via peer A, but the incoming packets come
via peer B, fully legitimately so.

Or via a different peer router to the same peer AS.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
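
An added illustration of the point made in the message above; it is not part of the original post. It compares a best-path lookup on the source address with where the packets actually arrived. The routes, ingress records and router names are constructed assumptions; only 10.10.20.0 and "peer A"/"peer B" come from the thread.

```python
import ipaddress
from collections import Counter

# Constructed routes: (prefix, peer AS, peer router, is_best). Router names are hypothetical.
RIB = [
    ("10.10.20.0/24", "peer-A", "a-rtr1", True),
    ("10.10.20.0/24", "peer-A", "a-rtr2", False),
    ("10.10.0.0/16", "peer-B", "b-rtr1", True),
]

# Constructed ingress records: (source IP, peer AS it arrived from, peer router).
OBSERVED = [
    ("10.10.20.5", "peer-A", "a-rtr1"),
    ("10.10.20.5", "peer-A", "a-rtr2"),
    ("10.10.20.5", "peer-B", "b-rtr1"),
    ("10.10.20.9", "peer-B", "b-rtr1"),
]

def best_path_guess(src):
    """Return (peer, router) of the best path for the longest prefix covering src."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, peer, router, is_best in RIB:
        net = ipaddress.ip_network(prefix)
        if is_best and addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, peer, router)
    return best[1:] if best else None

def compare(src, peer, router):
    """Classify an observed ingress against the outgoing best path for the source."""
    guess = best_path_guess(src)
    if guess == (peer, router):
        return "best-path"
    if guess is not None and guess[0] == peer:
        return "same-peer-other-router"
    return "other-peer"

def summarize(observed):
    """Count how often the best-path lookup agrees with the real ingress point."""
    return Counter(compare(*rec) for rec in observed)

if __name__ == "__main__":
    for rec in OBSERVED:
        print(rec, "->", compare(*rec), "| best path says", best_path_guess(rec[0]))
    print(dict(summarize(OBSERVED)))
```

Only one of the four constructed records arrives where the best path points, so attributing the sender requires ingress data (per-interface flow records) rather than a route lookup on the source.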