[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re: [RRG] Meeting slot at IETF64
On Wed, 14 Sep 2005, xuke wrote:
Have you looked at unicast RPF (see RFC 3704, RFC 2827) for IP
spoofing prevention? You should focus on describing the
relation of the proposal to uRPF.
Yes, I knew uRPF, actually our proposal doesn't focus on the uRPF
itself, our proposal is to solve following problem, core routers how
to generate the RPF list or table from BGP routing table. We think
in order to support real IP address access, core routers, especially
core routers between different ISP also need to filter incoming
packets. You can find more details in our paper
You can also use uRPF at peering links between ISPs as it is -- the
use of uRPF is not restricted to just edge networks.
Obviously that will require that the other ISP is advertising all its
prefixes to you, otherwise you'll drop the asymmetric traffic. Check
out Feasible Path RPF in RFC3704.
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
to unsubscribe send a message to firstname.lastname@example.org with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg