North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: 69/8...this sucks -- Centralizing filtering..
From: "Mark Segal" > Since most service providers should be thinking about a sink hole network > for security auditing (and backscatter), why not have ONE place where you > advertise all unreachable, or better yet -- a default (ie everything NOT > learned through BGP peers), and just forward the packets to a bit bucket.. > Which is better than an access list since, now we are forwarding packets > instead of sending them to a CPU to increase router load. > It would be nice if vendors had a variant to (in cisco terms) ip verify unicast reverse-path that would work in asymmetrical networks. If you only have a single link to the internet, the command works well, but then why would you ever run bgp for a single uplink? -Jack