[c-nsp] URPF MAC check
Dobbins, Roland
rdobbins at arbor.net
Fri Nov 23 10:39:02 EST 2012
On Nov 23, 2012, at 10:26 PM, Gert Doering wrote:
> BGP routing is *not* symmetric. Please repeat this 100 times.
They understand that. What's actually being discussed is some combination of layer-2 and layer-3 policy enforcement. The uRPF thing is a red herring; static policies (probably matching the prefix-list filtering applied to a given peering session) would work, there's no need for dynamism.
The DDoS thing is a red herring, too - existing telemetry mechanisms allow traceback. The main potential benefit of something like this would be to prevent traffic dumping in a shared-interconnect-medium IX environment, along with some corner-cases like the one Saku described.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton