nanog mailing list archives
Re: BCP38 - Internet Death Penalty
From: Leo Bicknell <bicknell () ufp org>
Date: Thu, 28 Mar 2013 09:19:53 -0700
In a message written on Thu, Mar 28, 2013 at 11:39:45AM -0400, William Herrin wrote:
"Single homed stub site" is not a configuration option in any BGP setup I'm aware of, so how would the router select RPF as the default for a single-homed stub site?
I'm not sure if this is what the OP was talking about or not, but it reminded me of a feature I have wanted in the past.

If you think about a simple multi-homing situation where a person has their own IP space, their own ASN, and connects to two providers they will announce all of their routes to both providers. They may in fact do prepending, or more specifics such that one provider is preferred, but to get full redundancy all of their blocks need to go to both providers.

uRPF _strict_ only allows traffic where the active route is back out the interface. There are a number of cases where this won't be true for my simple scenario above (customer uses a depref community, one ISP is a transit customer of the other being used for multi-homing, customer has more than one link to the same ISP and uses prepending on one, etc). As a result, it can't be applied.

uRPF _loose_ on the other hand only checks if a route is in the table, and with the table rapidly approaching all of the IP space in use that's denying less and less every day.

The feature I would like is to set the _packet filter_ based on the _received routes_ over BGP. Actually, received routes post prefix list. Consider this syntax:

    neighbor 1.2.3.4 install-dynamic-filter Gig10/1/2 prefix-list customer-prefixes

Anything that was received would go through the prefix-list customer-prefixes (probably the same list used to filter their announcements), and then get turned into a dynamic ACL applied to the inbound interface (Gig10/1/2 in this case).

I suspect such a feature would allow 99.99% of the BGP speakers to be "RPF" filtered in a meaningful way, automatically, where uRPF strict is not usable today.

--
Leo Bicknell - bicknell () ufp org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
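The filter proposed in the message above, compared with uRPF strict and loose on a de-preferenced customer link, as an added example that is not part of the original post and does not model any router's actual implementation. The prefixes, received routes, FIB contents and the interface Gig10/1/1 are constructed for illustration; Gig10/1/2 and the prefix-list name come from the post.

```python
import ipaddress as ip

CUSTOMER_IF = "Gig10/1/2"  # inbound interface named in the post
OTHER_IF = "Gig10/1/1"     # hypothetical link toward the customer's other ISP

# Constructed prefix-list "customer-prefixes": (prefix, longest accepted length)
PREFIX_LIST = [(ip.ip_network("192.0.2.0/24"), 24),
               (ip.ip_network("198.51.100.0/24"), 25)]
# Constructed routes received on the customer's BGP session; the last is not theirs
RECEIVED = [ip.ip_network(p) for p in
            ("192.0.2.0/24", "198.51.100.0/25", "203.0.113.0/24")]
# Constructed FIB (prefix -> interface of the active route). The customer
# de-prefs this link, so the best path to 192.0.2.0/24 is via the other ISP.
FIB = {ip.ip_network("192.0.2.0/24"): OTHER_IF,
       ip.ip_network("198.51.100.0/25"): CUSTOMER_IF,
       ip.ip_network("203.0.113.0/24"): OTHER_IF}

def permitted(route):
    # A received route survives if it sits inside a listed prefix and is not too specific
    return any(route.subnet_of(net) and route.prefixlen <= maxlen
               for net, maxlen in PREFIX_LIST)

def dynamic_acl(received):
    # "Received routes post prefix list" become the permit entries of the ACL
    return [r for r in received if permitted(r)]

def lookup(src):
    # Longest-prefix match of the source address against the FIB
    matches = [n for n in FIB if src in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)

def urpf_strict(src, in_if):
    best = lookup(ip.ip_address(src))
    return best is not None and FIB[best] == in_if

def urpf_loose(src):
    return lookup(ip.ip_address(src)) is not None

def dynamic_filter(src, acl):
    return any(ip.ip_address(src) in n for n in acl)

def compare(src):
    # Verdict of each mode for a packet arriving on the customer interface
    acl = dynamic_acl(RECEIVED)
    return {"strict": urpf_strict(src, CUSTOMER_IF),
            "loose": urpf_loose(src),
            "dynamic": dynamic_filter(src, acl)}
```

A legitimate source in the de-preferenced block (192.0.2.10) is dropped by strict mode but passed by the dynamic filter, while a source from a block the customer does not own (203.0.113.7) passes loose mode and is dropped by the dynamic filter.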