[AusNOG] Filtering of downstream transit customer routes via RPF
Mark Newton
newton at atdot.dotat.org
Wed Jun 17 00:51:01 EST 2015
On 17 Jun 2015, at 12:43 am, Andy Davidson <andy at nosignal.org> wrote:
>> Unless your single homed customer who is buying internet access circuits (no BGP) from you, on a single link, happens to be receiving simplex downstream from someone else, and only wants to use you to provide the upstream.
>> Not as common these days, but those of us who remember Ku-band satellite internet access will have memories of horrifying outages caused by people turning on strict RPF without thinking about it first. :-)
>
> Sorry, I disagree. Effectively the customer is saying here “I wish to spoof via you”, which is not OK.
No, they are saying, "I wish to obtain access to the Internet," and you have made a value judgement that the specific manner of their access is bad.
> If you have a product dealing with this kind of multiple-mode delivery then you can use a routing protocol (which *can* be a bad one, like Letters of Authority and email) to do this safely with the end customer and protect me from spoofed packets. :-)
An LoA isn't going to overcome your RPF.
- mark
More information about the AusNOG
mailing list