[c-nsp] URPF MAC check
Gert Doering
gert at greenie.muc.de
Fri Nov 23 10:26:40 EST 2012
Hi,
On Fri, Nov 23, 2012 at 03:15:04PM +0000, Aled Morris wrote:
> The use-case I was imagining was an IX. For any given peer, I know which
> source addresses I can expect from them because they are advertised to me
> via BGP for the return path.
You can't.
Imagine a customer behind your peer A and peer B, sending his traffic
via peer A, but for whatever reason you only see the announcement via
peer B (like "the customer set a do-not-announce-to-IXP C" community
because B's port is full).
BGP routing is *not* symmetric. Please repeat this 100 times.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20121123/bbc0fd10/attachment.sig>
More information about the cisco-nsp
mailing list