[AusNOG] Filtering of downstream transit customer routes via RPF

Andrew Yager andrew at rwts.com.au
Wed Jun 17 12:47:17 EST 2015


And thus summarises both sides of the discussion we had :)

Someone has also pointed us towards https://www.ietf.org/rfc/rfc3704.txt
section 5, which is useful in clarifying some of the different "standard"
techniques.

We've settled on a strict RPF by default for single homed customers
(whether BGP or not) and loose RPF with a filter to match LOA address space
on their ingress interface in other cases, or where the customer
specifically requests a change in behaviour.

Thanks,
Andrew


On 17 June 2015 at 01:11, Andy Davidson <andy at nosignal.org> wrote:

>
> > On 16 Jun 2015, at 15:51, Mark Newton <newton at atdot.dotat.org> wrote:
> >
> > No, they are saying, "I wish to obtain access to the Internet," and you
> have made a value judgement that the specific manner of their access is bad.
>
> I think solving problems for people is cool, but allowing spoofing on
> internet access circuits by default is not.
>
> Andy
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>



-- 
*Andrew Yager, Managing Director* *(BCompSc, JNCIS-SP, MACS (Snr) CP)*
Real World Technology Solutions - IT People you can trust
Voice | Data | IT Procurement | Managed IT
rwts.com.au | 1300 798 718


*Real World is a Dell Premier Partner*

This document should be read only by those persons to whom it is addressed
and its content is not intended for use by any other persons. If you have
received this message in error, please notify us immediately. Please also
destroy and delete the message from your computer. Any unauthorised form of
reproduction of this message is strictly prohibited. We are not liable for
the proper and complete transmission of the information contained in this
communication, nor for any delay in its receipt. Please consider the
environment before printing this e-mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150617/6ac357e8/attachment.html>


More information about the AusNOG mailing list