[ednog] Walled gardens & anycast (oh my!)
dmcgaugh at cac.washington.edu
Thu Apr 7 18:15:35 EDT 2005
On Apr 7, 2005, at 12:22 PM, Kevin Miller wrote:
> Hey all-
> Sorry for the lag here.. I've been processing mail a bit late.
> Anyway, an idea that was (mostly) Dave Farmer's but I find interesting
> is to modify uRPF and use MPLS for walled gardens. To give a bit of
> background: for awhile (when at CMU) I thought about using uRPF as a
> good way to drop hosts off the net quickly. The idea is to interface
> quagga/zebra with your blacklist. When you want to drop someone, just
> announce a /32 to the IP, and uRPF will drop the traffic at the ingress
To elaborate on this slightly, on Cisco routers, if the /32 is to
Null0, this uRPF drop works in both loose and strict mode as IOS sees
the route to Null0 as a "null CEF adjacency" and is thus invalid, hence
On other routing platforms (at least Juniper), you must use uRPF in
strict mode, as it sees the route to discard as a legitimate contributor
to the routing table and thus a usable loose-mode path.
While strict versus loose might not be interesting at the edge, it is
useful to have the drop behavior in loose mode deeper into your
infrastructure where asymmetric routing might be present.
> An extension of this would be if you could tell uRPF instead to drop it
> into an MPLS VRF (aka Walled Garden #1). Then you can redirect it to
> your patch page or what have you.
I believe a number of vendors are working on various methods of
dynamic-ish policy based routing that could be useful in this
situation. It should be interesting to see what they come up with...
and whether it will be vendor interoperable.
> So it's not so much anycast, but using similar pieces. :)
> Kevin C. Miller
> Network Architect
> Office of Information Technology
> Duke University
> ednog mailing list
> ednog at puck.nether.net
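The blacklist-to-uRPF mechanism discussed in this thread (announce a /32 to a discard next hop, let uRPF drop the source at ingress), as an added example that is not code from the thread or from Quagga itself: a small reconciler that parses a blacklist and zebra's running static routes, computes which `/32 null0` statics to add or withdraw, and refuses to blackhole anything inside a protected prefix list (your own loopbacks, resolvers, etc.). The `null0` keyword and the `vtysh -c` invocation follow Quagga zebra syntax as I know it; the blacklist file format, the protected list and the sample running-config are constructed assumptions. The IOS and JunOS uRPF lines in the trailing comment are likewise from memory and should be checked against your platform's documentation.

```python
"""Reconcile a host blacklist against zebra /32 discard statics (hypothetical tool, not from the thread)."""
import ipaddress
import subprocess
from typing import Iterable, List, Set

# zebra accepts "null0" as a discard next hop; redistribute statics into your
# IGP/BGP so the /32 reaches every uRPF-enabled ingress router. (Assumption.)
NULL_NEXTHOP = "null0"

# Constructed sample inputs for a stand-alone run.
BLACKLIST = """
192.0.2.10      # worm-infected dorm host
192.0.2.11
198.51.100.7    # scanning from a lab subnet
"""
RUNNING_CONFIG = """
!
ip route 192.0.2.10/32 null0
ip route 203.0.113.5/32 null0
ip route 10.0.0.0/8 10.1.1.1
!
"""
# Prefixes that must never be blackholed, e.g. router loopbacks and resolvers.
PROTECTED = [ipaddress.ip_network("10.255.0.0/24"), ipaddress.ip_network("192.0.2.0/28")]


def parse_blacklist(lines: Iterable[str]) -> Set[ipaddress.IPv4Address]:
    """One host per line; '#' comments and blanks ignored; only IPv4 /32s accepted."""
    hosts: Set[ipaddress.IPv4Address] = set()
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        net = ipaddress.ip_network(line, strict=False)
        if net.version != 4 or net.prefixlen != 32:
            raise ValueError(f"blacklist entries must be single IPv4 hosts: {line!r}")
        hosts.add(net.network_address)
    return hosts


def parse_zebra_statics(lines: Iterable[str]) -> Set[ipaddress.IPv4Address]:
    """Extract the /32 null0 statics already installed, from 'show running-config' text."""
    hosts: Set[ipaddress.IPv4Address] = set()
    for raw in lines:
        parts = raw.split()
        if len(parts) == 4 and parts[:2] == ["ip", "route"] and parts[3] == NULL_NEXTHOP:
            net = ipaddress.ip_network(parts[2], strict=False)
            if net.prefixlen == 32:
                hosts.add(net.network_address)
    return hosts


def reconcile_commands(desired: Set[ipaddress.IPv4Address],
                       installed: Set[ipaddress.IPv4Address],
                       protected: List[ipaddress.IPv4Network] = ()) -> List[str]:
    """Return the zebra config lines that make the installed set equal the desired set.

    Raises ValueError rather than emitting a discard route for a protected address:
    a bad blacklist entry would otherwise take down your own infrastructure at every
    uRPF ingress the /32 propagates to.
    """
    for host in desired:
        for net in protected:
            if host in net:
                raise ValueError(f"refusing to blackhole {host}: inside protected {net}")
    cmds = [f"ip route {h}/32 {NULL_NEXTHOP}" for h in sorted(desired - installed)]
    cmds += [f"no ip route {h}/32 {NULL_NEXTHOP}" for h in sorted(installed - desired)]
    return cmds


def apply_commands(cmds: List[str], dry_run: bool = True) -> List[str]:
    """Build (and optionally run) a single vtysh invocation that applies all changes."""
    if not cmds:
        return []
    argv = ["vtysh", "-c", "configure terminal"]
    for c in cmds:
        argv += ["-c", c]
    if not dry_run:
        subprocess.run(argv, check=True)
    return argv


# Router-side uRPF, from memory (verify against your platform docs):
#   IOS, per interface: "ip verify unicast source reachable-via rx"  (strict)
#                       "ip verify unicast source reachable-via any" (loose)
#   JunOS, per unit:    "family inet { rpf-check; }"                 (strict; the
#                       thread notes a discard route is not a valid loose-mode drop)

if __name__ == "__main__":
    wanted = parse_blacklist(BLACKLIST.splitlines())
    present = parse_zebra_statics(RUNNING_CONFIG.splitlines())
    for line in reconcile_commands(wanted, present, PROTECTED):
        print(line)
    print(apply_commands(reconcile_commands(wanted, present, PROTECTED), dry_run=True))
```

Run it against your real blacklist and `vtysh -c 'show running-config'` output with `dry_run=True` first; the protected-prefix check is the part worth keeping even if you replace everything else, since a /32 to null0 redistributed into the IGP is a very efficient way to lose a router.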