asymmetric routing

Francis Dupont Francis.Dupont@enst-bretagne.fr
Tue, 29 Jan 2002 14:08:50 +0100

Previous message: asymmetric routing
Next message: asymmetric routing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 In your previous mail you wrote:

   > Basically RFC 2827 / BCP 38 about Ingress Filtering should be used
   > for IPv6 too. There are two ways to do ingress filtering: access lists
   > and unicast RPF.

   I don't think it's that easy. Please keep in mind, that a site/customer
   might be multihomed. In that case he might use a different prefix from that 
   assigned by the upstream provider as source address. 

=> there are some cases where uRPF can't work but there are some myths
too about uRPF limitations, look at:
http://www.cisco.com/public/cons/isp/documents/uRPF_Enhancement.pdf

   Yes, one could filter all but those prefixes a customer holds, but then the
   customer has to name all his providers/prefixes. You can't force a customer
   to do so, because that information might be confidential.

=> in fact we don't need ingress filtering everywhere, we just need enough
ingress filtering in order to make random source address spoofing
unattractive.
The current issue with IPv6 ingress filtering is not (yet) multi-homing,
this is simply the lack of tools...

Regards

Francis.Dupont@enst-bretagne.fr

Previous message: asymmetric routing
Next message: asymmetric routing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]