[AusNOG] Filtering of downstream transit customer routes via RPF
Andy Davidson
andy at nosignal.org
Wed Jun 17 00:43:22 EST 2015
> On 16 Jun 2015, at 14:18, Mark Newton <newton at atdot.dotat.org> wrote:
>
>> Single homed customers buying Internet Access circuits (no BGP) from you, on a single link, can and should be strict mode forwarded. Thank you for doing that if you are. :-)
> Unless your single homed customer who is buying internet access circuits (no BGP) from you, on a single link, happens to be receiving simplex downstream from someone else, and only wants to use you to provide the upstream.
> Not as common these days, but those of us who remember Ku-band satellite internet access will have memories of horrifying outages caused by people turning on strict RPF without thinking about it first. :-)
Sorry, I disagree. Effectively the customer is saying here “I wish to spoof via you”, which is not OK. If you have a product dealing with this kind of multiple-mode delivery then you can use a routing protocol (which *can* be a bad one, like Letters of Authority and email) to do this safely with the end customer and protect me from spoofed packets. :-)
Andy