nanog mailing list archives
Re: Cogent BCP-38
From: Robert Blayzor <rblayzor.bulk () inoc net>
Date: Tue, 29 Aug 2017 08:41:12 -0400
On 29 August 2017 at 03:38, Robert Blayzor <rblayzor.bulk () inoc net> wrote:Well not completely useless. BCP will still drop BOGONs at the edge before they leak into your network.Assuming you don't use them in your own infra. And cost of RPF is lot higher than cost of ACL. Them being entirely static entities they should be in your edgeACL. The only real justification for loose RPF is source based blackholing. -- ++ytti
Well, if you are using public IP addresses for infra you are violating your RIR’s policy more than likely. And if you’re using RFC1918 space in your global routing table, then thats another fiasco you’ll have to deal with. Managing ACL’s for customer routes has far more overhead (and cost, ie: time, human error, etc) than to just use RPF on an edge port. I believe the OP was talking about multi-homed, in that case if run a tight ship in your network RPF loose is probably a good choice. It at least gives you an easy way to not accept total trash at the edge. -- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP: https://inoc.net/~rblayzor/
Current thread:
- Cogent BCP-38 Ben Russell (Aug 16)
- Re: Cogent BCP-38 chris (Aug 16)
- Re: Cogent BCP-38 Mikael Abrahamsson (Aug 16)
- Re: Cogent BCP-38 Mike Hammett (Aug 17)
- Re: Cogent BCP-38 William Herrin (Aug 17)
- Re: Cogent BCP-38 Saku Ytti (Aug 17)
- Re: Cogent BCP-38 Robert Blayzor (Aug 28)
- Re: Cogent BCP-38 Saku Ytti (Aug 29)
- Re: Cogent BCP-38 Robert Blayzor (Aug 29)
- Re: Cogent BCP-38 Job Snijders (Aug 29)
- Re: Cogent BCP-38 Rob Evans (Aug 29)
- Re: Cogent BCP-38 Sander Steffann (Aug 30)
- Re: Cogent BCP-38 Mikael Abrahamsson (Aug 16)
- Re: Cogent BCP-38 chris (Aug 16)