asymmetric routing

[Joel Baker]

On Mon, Jan 28, 2002 at 08:50:38AM +0100, JOIN Project Team wrote:
> Am Sonntag, 27. Januar 2002 18:06 schrieb Francis Dupont:
> > Basically RFC 2827 / BCP 38 about Ingress Filtering should be used
> > for IPv6 too. There are two ways to do ingress filtering: access lists
> > and unicast RPF.
> 
> I don't think it's that easy. Please keep in mind, that a site/customer
> might be multihomed. In that case he might use a different prefix from that 
> assigned by the upstream provider as source address. 
> 
> Yes, one could filter all but those prefixes a customer holds, but then the
> customer has to name all his providers/prefixes. You can't force a customer
> to do so, because that information might be confidential.
> 
> Christian

Except that unlike IPv4, IPv6 doesn't even support the notion of a multi-
homed network, except in drafts, really. That being the whole (misguided)
point of aggregation - to reduce your routing tables and may traffic flows
more tractable.

Not that I think it's a good idea - but it *is* perfectly legitimate to
deny any traffic that is not sourced from a network *you route* to that
customer (this is the basis of unicast filtering) - and at least under IPv6
it is, as far as I can see, reasonable to only route what you have assigned
to them.
-- 
***************************************************************************
Joel Baker                           System Administrator - lightbearer.com
lucifer@lightbearer.com              http://users.lightbearer.com/lucifer/