Re: Bit-dumping [Was: Re: Peering Policy]
Hmmmm, a good idea - make your router to accept packets with src MAC addresses of its BGP peers only, no?
Dima
Robert E. Seastrom writes:
From: dvv@sprint.net (Dima Volodin)
You don't mean changing one MAC address in Gigaswitch configuration is a bolder feat than swapping (failed) equipment, do you?
what i just said to him: "yeah, but the ip addresses don't. ever hear of arp?"
---Rob
BGP peers and bgp peers through the routing arbiter of course.. or you get an intentional level 2 problem again. rob
Hmmmm, a good idea - make your router to accept packets with src MAC addresses of its BGP peers only, no?
Dima
Robert E. Seastrom writes:
From: dvv@sprint.net (Dima Volodin)
You don't mean changing one MAC address in Gigaswitch configuration is a bolder feat than swapping (failed) equipment, do you?
what i just said to him: "yeah, but the ip addresses don't. ever hear of arp?"
---Rob
From: Robert Bowman <rob@elite.exodus.net>
BGP peers and bgp peers through the routing arbiter of course.. or you get an intentional level 2 problem again.
well, you _do_ know who you're peering with right?
---Rob
I sure hope I know who we are peered with.. then again.. that's what my as object at the radb is for. The issue was rather that, you have direct peers, in which ideally a filter could be set up very easily to match that neighbor statement. With ra peerings, you have no neighbor statement to the ips.. a different way of doing it would be necessary, out-of-sync filters of mac addresses would need to be set up.. more complex. By doing so, someone else brought up the point that any transit that was not including a next-hop-self wouldn't go through.. good. Pretty ridiculous that certain providers of IXP transit charge x dollars a month for doing nothing but passing routes, NOT passing traffic. Force them to at least take the traffic into their router. It would also alleviate level 2 issues with providers doing that.. they already need to do it at pbnap and aads. rob
From: Robert Bowman <rob@elite.exodus.net>
BGP peers and bgp peers through the routing arbiter of course.. or you get an intentional level 2 problem again.
well, you _do_ know who you're peering with right?
---Rob
On Wed, 30 Oct 1996, Dima Volodin wrote:
|} Hmmmm, a good idea - make your router to accept packets with src MAC
|} addresses of its BGP peers only, no?
What about 3rd party routing? People sell legitimate transit at the MAEs and other exchange points. Some have next-hop-self set, some don't. Not to mention the CPU load of the acl to police the MAC addresses.
-jh-
pretty trivial to write an expect script to reconfigure the gigaswitch hourly based on a freshly-refreshed arp cache. as regards mac level filtering on your router, i suppose that would depend on the overhead to implement such filtering on your particular box. and i am not enough of a cisco wizard to be able to answer that question for the 75xx series.
---Rob
From: dvv@sprint.net (Dima Volodin)
Hmmmm, a good idea - make your router to accept packets with src MAC addresses of its BGP peers only, no?
Robert E. Seastrom writes:
From: dvv@sprint.net (Dima Volodin)
You don't mean changing one MAC address in Gigaswitch configuration is a bolder feat than swapping (failed) equipment, do you?
what i just said to him: "yeah, but the ip addresses don't. ever hear of arp?"
---Rob
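The thread's two technical points, a source-MAC allow-list derived from BGP neighbors via the ARP cache and the third-party next-hop routes such a filter would cut off, are sketched below as an added example that is not code from any poster. All addresses, MACs, routes and function names are constructed, and it assumes traffic from a next-hop router arrives with that router's own source MAC.

```python
import re

# Constructed exchange-LAN data (documentation addresses); every name is hypothetical.
ARP_CACHE = {
    "192.0.2.1": "0000.5e00.5301",     # direct BGP peer
    "192.0.2.2": "00:00:5E:00:53:02",  # direct BGP peer
    "192.0.2.9": "00-00-5e-00-53-09",  # route server: passes routes, not traffic
    "192.0.2.7": "00:00:5e:00:53:07",  # router known only through the route server
}
BGP_NEIGHBORS = ["192.0.2.1", "192.0.2.2", "192.0.2.9", "192.0.2.3"]
# (prefix, neighbor the route came from, BGP next hop)
ROUTES = [
    ("198.51.100.0/24", "192.0.2.1", "192.0.2.1"),
    ("203.0.113.0/24", "192.0.2.9", "192.0.2.7"),  # next hop is not a neighbor
]

def normalize_mac(mac):
    """Canonical aa:bb:cc:dd:ee:ff form, whatever separators the source used."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_allowlist(neighbors, arp):
    """Map each configured neighbor to its MAC; report neighbors ARP cannot resolve."""
    allowed, unresolved = {}, []
    for ip in neighbors:
        if ip in arp:
            allowed[ip] = normalize_mac(arp[ip])
        else:
            unresolved.append(ip)
    return allowed, unresolved

def filtered_next_hops(routes, arp, allowed):
    """Routes whose next hop's frames a neighbor-derived source-MAC filter would drop."""
    macs = set(allowed.values())
    hits = []
    for prefix, learned_from, next_hop in routes:
        mac = normalize_mac(arp[next_hop]) if next_hop in arp else None
        if mac not in macs:
            hits.append((prefix, learned_from, next_hop, mac))
    return hits

def allowlist_changes(old, new):
    """Neighbors whose MAC changed between two ARP refreshes (e.g. swapped equipment)."""
    return {ip: (old.get(ip), mac) for ip, mac in new.items() if old.get(ip) != mac}

if __name__ == "__main__":
    allowed, unresolved = build_allowlist(BGP_NEIGHBORS, ARP_CACHE)
    print(allowed, unresolved, filtered_next_hops(ROUTES, ARP_CACHE, allowed))
```

Running the route check before the filter is applied shows which prefixes depend on a router that is not a configured neighbor; the change report is what a periodic ARP-driven refresh would push to the filter.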
participants (4)
- dvv@sprint.net
- Jonathan Heiliger
- Robert Bowman
- Robert E. Seastrom