On Thu, 22 Sep 2005, Matthew Crocker wrote:
<snip making networking more complicated than required>
Also, consider the cases where customers push packets your way (for uRPF strict, which isn't available for JunOS, but is for IOS depending on platform/code/hardware-rev... ugh!) and never send you a route for the traffic back to them? Maybe they are just a transit and don't even hear the routes for their customer who chose a 'cheaper' path that doesn't include them nor me directly on this link in question?
This sounds like a broken design. Why have one way links? If a
I didn't say I endorsed it, just that it happens, often. It's not a one way link either, the link may have thousands of routes advertised up it, just not a few key ones which are sources of traffic. Like I said earlier this morning, I have no idea why customers don't just send a prepended-to-hell route along this path for backup, but they don't... often.
customer pushes packets my way and they don't announce that route to me I will drop the packets at my edge. If they want to send me those
and you are breaking them... that's bad.
packets they need to announce. They can announce with AS path prepend x 1000 so I don't send them any traffic but the route needs to exist.
Sure, and every customer knows bgp/route-maps/policy as well as you... my point wasn't that it was a good or bad thing, just that it is.
"does urpf feasible path stop a 'customer' from spoofing sources that are in the FIB?"
No, but you don't use feasible path on links aimed at your customer,
great now we have conflicting answers :) perhaps I'll ask on j-nsp for clarification.
you use strict. If your router doesn't support strict then talk to your purchasing department.
The problem isn't the router, it's the cards in the router often :( Also, it's supposed to work according to the vendor, until you test and verify it doesn't :( doh! hint, don't buy Engine-3 cards for your 12000's unless you don't care about urpf strict. hurray!
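
Added example, not part of the original message: a small Python model of strict, feasible-path and loose uRPF as RFC 3704 defines them, run against the cases raised in this thread (no route announced on the link, a heavily prepended backup route, a source that is in the FIB only via another interface). The RIB, interface names and prefixes are constructed, and best-path selection is reduced to shortest AS path as a simplifying assumption; vendor implementations may behave differently.

```python
import ipaddress

# Constructed RIB: (prefix, interface the route was learned on, AS-path length).
# Assumption: shortest AS path wins best-path selection in this simplified model.
RIB = [
    ("198.51.100.0/24", "cust0", 1),    # customer's primary block, best via cust0
    ("203.0.113.0/24",  "cust0", 12),   # heavily prepended backup announcement
    ("203.0.113.0/24",  "peer1", 2),    # same block, preferred via another path
    ("192.0.2.0/24",    "peer1", 1),    # third party, never announced on cust0
]

def candidates(src):
    """Routes (interface, path length) for the longest prefix covering src."""
    addr = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), i, l) for p, i, l in RIB
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return []
    longest = max(n.prefixlen for n, _, _ in hits)
    return [(i, l) for n, i, l in hits if n.prefixlen == longest]

def urpf(src, in_if, mode):
    """Return True if a packet from src arriving on in_if passes the check."""
    routes = candidates(src)
    if not routes:
        return False                      # no route at all: every mode drops
    if mode == "loose":
        return True                       # any route, on any interface
    if mode == "feasible":
        return any(i == in_if for i, _ in routes)   # best or alternate path
    if mode == "strict":
        best_if = min(routes, key=lambda r: r[1])[0]
        return best_if == in_if           # only the best path's interface
    raise ValueError(mode)

def verdicts(src, in_if="cust0"):
    """Pass/drop result per mode for a packet arriving on in_if."""
    return {m: urpf(src, in_if, m) for m in ("strict", "feasible", "loose")}

if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.7", "192.0.2.7", "10.9.9.9"):
        print(src, verdicts(src))
```

In this model the prepended route is what lets the backup block pass feasible-path while strict still drops it, and a source with no route on the customer interface is dropped by both strict and feasible-path even though loose accepts it.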