Re: BCP38 Deployment

[Bingyang LIU <bjornliu () gmail com>]

Hi Darius,

Yes, I agree that feasible RPF solves the problem in a lot of scenarios.

However, in some other cases, the asymmetric routing is caused by
static routing, traffic engineering, policy routing, etc., where the
lengths of forward path and reverse path may differ, so feasible RPF
may also fail (false positive).

Bingyang

On Wed, Mar 28, 2012 at 7:07 PM, Darius Jahandarie
<djahandarie () gmail com> wrote:
> On Wed, Mar 28, 2012 at 12:50, David Conrad <drc () virtualized org> wrote:
> > I would be surprised if this were true.
> >
> > I'd argue that today, the vast majority of devices on the Internet (and certainly the ones that are used in massive 
> > D(D)oS attacks) are found hanging off singly-homed networks.
>
> Yes, but RPF can be implemented in places other than the customer
> edge. In those places, lack of widespread, easy, and vendor-supported
> feasible-path uRPF is what I believe really hurts things.
>
> Granted, this is along a different line than what the OP was talking
> about, but in terms of answering the question of "why don't we see
> ingress filtering as much as we should?", I think it's a large factor.
>
> --
> Darius Jahandarie



-- 
Bingyang Liu
Network Architecture Lab, Network Center,Tsinghua Univ.
Beijing, China
Home Page: http://netarchlab.tsinghua.edu.cn/~liuby