North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Where is the edge of the Internet? Re: no ip forged-source-address
> fine now? u can put "loose"...its NO USE!! thats what i said..there will > always be a route to the source....all u may drop is 10.x/192.168 and > 172/16-31......that too if ur network isnt internally using it.... > > and if u end up putting "loose" an OSPF router ull drop valid traffic if ur > not redistributing bgp etc..and if u are redistributing...well again the > above argument holds true...every registered network will be there in BGP > ..... > > -rgds > Alok Since you appear to have not looked into the various implementations of RPF, I'll help you out. RPF uses the FIB, the FIB is populated by all the RIBS, therefore OSPF vs. BGP is a red herring. In the case you describe, you can use semi-strict RPF, populated with all of the networks associated with the customer. This would allow sources from the customer, regardless of path back to those sources, still drop other paths from which there is no path back to the source via the customer, is more efficient than acls, and you already have the data if you are filtering their route announcements.