nanog mailing list archives
Re: large BCP38 compliance testing
From: Barry Greene <bgreene () senki org>
Date: Thu, 2 Oct 2014 18:29:04 +0700
On Oct 2, 2014, at 6:23 PM, Jérôme Nicolle <jerome () ceriz fr> wrote:
Le 02/10/2014 12:28, Nick Hilliard a écrit :It would probably be more productive to pressurise transit providers to enforce bcp38 on their customer links.This. But let me ask you, how many transit provider actually implement strict prefix-filtering ? I've seen many using a max-prefix as their sole defense. Now, let's consider what you want is to match an interface ACL to prefixes received on a BGP session runing through the same interface. Ain't that what uRPF-strict is all about ?
uRPF Strict mode is NOT a tool to use on the transit connections. It was built for the SP-Customer connections. uRPF VRF mode _was_ built for the transit connections. You can take all the prefixes received from the peer and stick them into a VRF. You can then check all the incoming packet source addresses against that list. If there is no match, then it was not in the BGP advertisements.
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- large BCP38 compliance testing Mikael Abrahamsson (Oct 02)
- Re: large BCP38 compliance testing Mikael Abrahamsson (Oct 02)
- Re: large BCP38 compliance testing Nick Hilliard (Oct 02)
- Re: large BCP38 compliance testing Jérôme Nicolle (Oct 02)
- Re: large BCP38 compliance testing Barry Greene (Oct 02)
- Re: large BCP38 compliance testing Nick Hilliard (Oct 02)
- Re: large BCP38 compliance testing Andrei Robachevsky (Oct 02)
- Re: large BCP38 compliance testing Jérôme Nicolle (Oct 02)
- Re: large BCP38 compliance testing Alain Hebert (Oct 02)
- Re: large BCP38 compliance testing Roland Dobbins (Oct 02)
- Re: large BCP38 compliance testing Alain Hebert (Oct 02)
- Re: large BCP38 compliance testing Roland Dobbins (Oct 02)
- Re: large BCP38 compliance testing Jared Mauch (Oct 02)
- Re: large BCP38 compliance testing Roland Dobbins (Oct 02)
- Re: large BCP38 compliance testing Jay Ashworth (Oct 03)
- Re: large BCP38 compliance testing Alain Hebert (Oct 06)
- Re: large BCP38 compliance testing Jay Ashworth (Oct 12)