Having an iACL format like below, that means that i would have to add at least one extra "permit" entry before the spoofing entries. deny MARTIANS/BOGONS deny SPOOFING deny PROTOCOLS/PORTS permit BGP-PEERINGS permit TUNNELS deny INFRASTRUCTURE permit ANY If that's indeed the case, what non-routing protocols do you allow from/to these type of addresses? Only specific types of icmp messages? -- Tassos Dobbins, Roland wrote on 06/11/2012 14:05:
On Nov 6, 2012, at 6:32 PM, Tassos Chatzithomaoglou wrote:
Do you filter them on your border routers (via iACLs) Yes.
and if yes, how? The same way you filter any other interface addresses in your iACLs.
----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton