$author = "alok" ;
so it's a hardware limitation?....bigger cores needed
not necessarily. if you do the filtering in the right places you can leave the core to do its job of passing packets. also, the idea of filtering at the edges is designed to reduce the distance dud packets travel in your network, leaving your routers to worry about passing legit packets.
fair enuf...... 2 schools of thought, and ur idea makes sense too... no denying that...but you have corner cases... which won't come up if it could be in the core.....
the idea behind the extended filtering capabilities in routing software / OSes is to address the problems you describe.
well that covers everything doesn't it ;o)... even those not in ur network..does it actually ping and check to see if it's there?
no, a default route is a default route. it doesn't check the IP address, but any packets to dud addresses will get dropped the second they hit a default free zone (if there is no matching prefix) or the upstream router (addresses covered by a prefix but not used).
do u inject BGP into IGP? ....do all access boxes have the entire BGP table/or know every address/network on the internet?
i'd be running iBGP across the default free core and IGP to cover link state of your core. i've seen BGP injected into IGP and it can end up ugly if you're not careful. so yes, you'd have a subset of your routers with full tables. you can filter on these routers using "reachable-via any" to address asymmetry. on routers closer to the customer edge, you might not have a full table but you can apply stricter filtering given that you should know what subnets are coming in your customer facing interfaces.
most access would be the corner cases... i have cases where tier-2 ISPs would simply take a 3 Mb uplink from 1 service provider and a fat downlink from another (ISP-2) ...all the BGP routes/advertisements would be in the 2nd ISP's networks, ISP 1 has no idea what this guy's address range at the access is... this is a common mechanism lots of tier-2 ISPs would apply......
? ISP-1 can filter packets based on subnets known to be attached to the customer circuit (your customer system does record IP addresses assigned to customers or provider independent IP subnets that your customers have, doesn't it?!?)... ISP-2 would do the same for upstream traffic. downstream both ISPs could apply whatever filtering is appropriate (loose / strict) given their network structure.
we cud start a new topic...
"where is the core of the internet"?
coz asymmetric routing messes up everything :o) even for those scenarios on the core...
read up a little on RPF and the difference between "strict" and "loose"...
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122yo/swcg/secur...

marty
--
Can't buy what I want because it's free.
Can't be what they want because I'm me.
"Corduroy" - Pearl Jam
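
The strict/loose distinction and the tier-2 multihoming case discussed in this thread, modelled as an added example that is not part of the original messages. The prefixes, interface names and provisioning table are constructed, and the route table is assumed to be default-free.

```python
import ipaddress

# Constructed default-free route table for a hypothetical ISP-1 router:
# source prefix -> interface the best return route points at.
# 198.51.100.0/24 is the multihomed tier-2 customer: it sends traffic up its
# ISP-1 circuit (cust-b), but ISP-1 only hears the prefix via ISP-2.
FIB = {
    "203.0.113.0/24": "cust-a",       # single-homed customer, symmetric path
    "198.51.100.0/24": "peer-isp2",   # asymmetric case from the thread
}
# Constructed provisioning records: subnets known to sit behind each circuit.
CUSTOMER_SUBNETS = {"cust-a": ["203.0.113.0/24"], "cust-b": ["198.51.100.0/24"]}

def lookup(fib, src):
    """Longest-prefix match on the source; returns an interface or None."""
    addr, best = ipaddress.ip_address(src), None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf(fib, src, in_iface, mode):
    """strict: return route must use the arrival interface.
    loose ("reachable-via any"): any matching route is enough."""
    iface = lookup(fib, src)
    if iface is None:
        return False          # no matching prefix: dropped in both modes
    return True if mode == "loose" else iface == in_iface

def edge_filter(src, in_iface):
    """Customer-edge filter built from provisioning data, not from routing."""
    addr = ipaddress.ip_address(src)
    nets = CUSTOMER_SUBNETS.get(in_iface, [])
    return any(addr in ipaddress.ip_network(n) for n in nets)

def evaluate(src, in_iface):
    """True means the packet is accepted by that check."""
    return {"strict": urpf(FIB, src, in_iface, "strict"),
            "loose": urpf(FIB, src, in_iface, "loose"),
            "edge_acl": edge_filter(src, in_iface)}

if __name__ == "__main__":
    samples = [("203.0.113.7", "cust-a"), ("198.51.100.9", "cust-b"),
               ("192.0.2.66", "cust-b"), ("203.0.113.7", "cust-b")]
    for src, iface in samples:
        print(f"{src:>14} in {iface}: {evaluate(src, iface)}")
```

The last sample shows the trade-off: loose mode accepts a source that is routed somewhere but does not belong to the arrival circuit, while the edge filter built from customer records rejects it.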