[j-nsp] Juniper RPF loose behavior?
Michael Loftis
mloftis at wgops.com
Fri Aug 12 19:36:21 EDT 2005
OK in Cisco platforms with RPF loose set to on, packets have an RPF check
done as long as a route exists in the table for the source prefix then the
packet is allowed, EXCEPT if that route resolves to the null0 interface.
This is documented at
http://www.cisco.com/warp/public/732/Tech/security/docs/blackhole.pdf in
conjunction with 'source based BGP blackholes' or something like that ( I
can't remember what the document calls it.)
So my question is this....does Juniper loose RPF (atleast in 7.3R1) behave
this way? Such that if I'm advertising 'black hole' routes via an iBGP
session that resolve to a 192.0.2.1 route that is set 'discard' will the
same thing happen for JunOS?
I hope this makes sense....
--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
More information about the juniper-nsp
mailing list