[j-nsp] Question about loose-mode RPF
Chris Adams
cmadams at hiwaay.net
Tue Oct 18 19:26:46 EDT 2005
We recently replaced a couple of our core Cisco routers with a Juniper,
and I'm still working out a few things that are different.
One thing I've noticed is that loose-mode RPF doesn't discount discard
routes. On our Ciscos, routing something to Null0 means that loose uRPF
drops traffic from that block. The Juniper doesn't appear to do that
for discard routes.
The Cisco behavior is useful for us; when we get a "problem" IP (such as
an SSH scanner), we can null route the IP and the inbound traffic is
dropped as well. I had been planning on setting up an internal dynamic
blocking server (using BGP to propagate routes for bad IPs with a
community to null-route the routes).
Is there a way to get similar behavior on a Juniper?
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the juniper-nsp
mailing list