nanog mailing list archives
Re: no ip forged-source-address
From: Lars Erik Gullerud <lerik () nolink net>
Date: 30 Oct 2002 20:02:13 +0100
On Wed, 2002-10-30 at 16:44, variable () ednet co uk wrote:
> Therefore, would it be a reasonable suggestion to ask router vendors to source address filtering in as an option[1] on the interface and then move it to being the default setting[2] after a period of time? This appeared to have some success with reducing the number of networks that forwarded broadcast packets (as with "no ip directed-broadcast").

[snip]

> [1] For example, an IOS config might be:
>
>     interface fastethernet 1/0
>      no ip forged-source-address

Well, this already exists, doesn't it? Try the following on your customer-facing interface:

    ip verify unicast source reachable-via rx

> [2] Network admins would still have the option of turning it off, but this would have to be explicitly configured.

I have a feeling that having strict uRPF as the default setting on an interface would be very badly received by a lot of ISPs. I know I certainly wouldn't like it very much.

Is it really the job of router vendors to protect the net from lazy/incompetent/ignorant network admins?

/leg
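Added example, not part of the original message and not vendor code: a simplified Python model of the strict-mode check behind `ip verify unicast source reachable-via rx`, run over a constructed FIB and constructed packets. The prefixes, interface names and function names are assumptions made for illustration; the last sample shows a legitimate source being dropped because the best route back to it points out a different interface.

```python
import ipaddress

# Constructed FIB for illustration (documentation prefixes, hypothetical
# interface names). Simplified model: one best route per prefix, no ECMP,
# and the default route is treated like any other route.
FIB = [
    ("0.0.0.0/0", "upstream0"),
    ("192.0.2.0/24", "cust1"),
    ("198.51.100.0/24", "cust2"),
    # More-specific for part of cust2's block learned via the upstream,
    # e.g. a multihomed customer: the return path is asymmetric.
    ("198.51.100.0/25", "upstream0"),
]

def best_route_interface(src, fib=FIB):
    """Longest-prefix match on the source address; returns the interface."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def strict_urpf_permits(src, in_if, fib=FIB):
    """Strict mode: accept only if the best route back to src uses in_if."""
    return best_route_interface(src, fib) == in_if

# Constructed sample packets: (source address, receiving interface).
SAMPLES = [
    ("192.0.2.10", "cust1"),      # customer using its own prefix
    ("203.0.113.5", "cust1"),     # forged source on a customer port
    ("198.51.100.200", "cust2"),  # covered only by the /24 via cust2
    ("198.51.100.10", "cust2"),   # legitimate, but best route is via upstream0
]

def evaluate(samples=SAMPLES):
    """Return {(src, in_if): True if forwarded, False if dropped}."""
    return {(s, i): strict_urpf_permits(s, i) for s, i in samples}

if __name__ == "__main__":
    for (src, in_if), ok in evaluate().items():
        print(f"{src:>15} on {in_if:<9} -> {'forward' if ok else 'drop'}")
```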