[c-nsp] URPF MAC check
Dobbins, Roland
rdobbins at arbor.net
Fri Nov 23 07:36:10 EST 2012
On Nov 23, 2012, at 7:16 PM, Gert Doering wrote:
> I don't. I see an outgoing best path to one of my peers.
AFAICT, I think they're talking about a hybrid layer-2/-3 filtering mechanism - I can't see a need for dynamism, just static policies.
IP Source Guard configured with static bindings might work, but I don't know offhand if it allows anything shorter than a /32 to be bound to a given source MAC.
If all that's desired is to know the source MAC of the relevant frames, a tap/SPAN/FNF/IPFIX w/PSAMP could provide that information.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the cisco-nsp
mailing list