asymmetric routing

Pim van Pelt pim@ipng.nl
Mon, 28 Jan 2002 11:44:56 +0100


| I don't think it's that easy. Please keep in mind that a site/customer
| might be multihomed. In that case he might use a different prefix from that 
| assigned by the upstream provider as source address. 
| 
| Yes, one could filter all but those prefixes a customer holds, but then the
| customer has to name all his providers/prefixes. You can't force a customer
| to do so, because that information might be confidential.

Christian,

I do not think it is wise for a provider to route traffic from downstream 
networks he is not fully aware of. And I do not believe I would want to
push provider B's traffic on my link for IPv6 like I would do so in the case
of IPv4 customers. I would break aggregation in this case.

A lot of mischief on the Internet is caused by people spoofing addresses and
I feel that every network should have the ingress filtering Francis mentioned
in his post. 

If we all act like you suggest (and keep our downstreams unfiltered outbound)
then we create yet another playground for kids who wish to connect a victim's
chargen or other port to a variety of spoofed (v6) addresses, especially 
because apparently people are enabling these services all over again while
they discover the wonders of IPv6.

Yes, truckloads of people have not trimmed /etc/inetd.conf (or equivalents)
for their INET6 services.  Oh, and I don't think many of my tunnel collecting
downstream cablemodem users actually understand the full impact of their
configurations either.

I'm urging everybody in the tunnelbroker scene (things differ for admins
offering connectivity on a b2b basis), to filter ingress. I for one don't want
to see IPng address space routed by anyone else than me-myself-and-I ;-) just
the same as I do not want to see anybody offering my routers address space it
was not specifically told to route. 

groet,
Pim
-- 
---------- - -    - - -+- - -    - - ----------
Pim van Pelt                 Email: pim@ipng.nl
http://www.ipng.nl/             IPv6 Deployment
-----------------------------------------------
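
Added example, not part of the original message: the per-downstream ingress (source address) filter urged above, written in Python, including the multihomed case from the quoted text where a second provider's prefix is only accepted once the customer has declared it. Tunnel names, prefixes (taken from the 2001:db8::/32 documentation range) and the sample packets are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample data: prefixes come from the 2001:db8::/32 documentation
# range; tunnel names and delegations are hypothetical.
DELEGATIONS = {
    "tun0": ["2001:db8:100::/48"],                        # single-homed user
    "tun1": ["2001:db8:200::/48", "2001:db8:ffff::/48"],  # multihomed, second
}                                                         # prefix was declared

def build_filters(delegations):
    """Parse the per-interface prefix lists once, rejecting malformed entries."""
    return {ifname: [ipaddress.IPv6Network(p) for p in prefixes]
            for ifname, prefixes in delegations.items()}

def check_source(filters, ifname, src):
    """Return (verdict, reason) for a packet to be forwarded from ifname."""
    addr = ipaddress.IPv6Address(src)
    if ifname not in filters:
        return "drop", "no delegation known for interface"
    if addr.is_link_local or addr.is_multicast or addr.is_unspecified or addr.is_loopback:
        return "drop", "source is not a forwardable unicast address"
    if any(addr in net for net in filters[ifname]):
        return "accept", "source inside delegated prefix"
    # Name the real holder when the source belongs to another downstream.
    for other, nets in filters.items():
        if any(addr in net for net in nets):
            return "drop", f"source belongs to {other}"
    return "drop", "source outside every delegated prefix"

def audit(filters, packets):
    """Count verdicts per interface for an iterable of (ifname, src) pairs."""
    counts = Counter()
    for ifname, src in packets:
        verdict, _ = check_source(filters, ifname, src)
        counts[(ifname, verdict)] += 1
    return counts

# Constructed packets: (ingress interface, source address)
SAMPLE = [
    ("tun0", "2001:db8:100::1"),     # own prefix
    ("tun0", "2001:db8:200::5"),     # another downstream's prefix
    ("tun0", "2001:db8:abcd::1"),    # undeclared prefix (e.g. other provider)
    ("tun1", "2001:db8:ffff:1::9"),  # declared second prefix
    ("tun0", "fe80::1"),             # link-local must not be forwarded
]

if __name__ == "__main__":
    filters = build_filters(DELEGATIONS)
    for ifname, src in SAMPLE:
        print(ifname, src, *check_source(filters, ifname, src))
```

The per-interface drop counts from audit() show which downstreams are emitting sources outside their delegation.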