The RFC states that you want to filter traffic that contains a source address not legitimately in use by the customer network.

Generally that would include 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/4, and 240.0.0.0/4, but it's not limited to these addresses. You should also include the address space in use by the internal network. This makes sense since the address space used internally should not be seen as the source in packets from the outside. As RFC 3704 states, one possible solution for this would be uRPF. If you use uRPF you don't need to worry as much about the addresses that you use. If you use ACLs on ingress you do. The reason you've probably seen differences in the ACLs probably relates to the networks used in the examples.

Regards,

Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert

On Apr 26, 2010, at 6:36 AM, Kingsley Charles wrote:

> Hi all
>
> Can someone please let me know the addresses for RFC 2827/3704 that should
> be followed. I see differences in the way they
> are implemented in various sites.
>
> The RFCs also do not mention specific addresses for RFC 2827/3704 as they
> do for RFC 1918/3330.
>
> With regards
> Kings
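The ACL approach described in the reply, as an added example that is not part of the original thread: it builds the ingress deny list from the reserved ranges named above plus the site's own prefixes, checks source addresses against it, and renders IOS-style extended ACL lines. The internal prefix 198.51.100.0/24, the test addresses and the ACL name are constructed assumptions; merging the ranges folds 224.0.0.0/4 and 240.0.0.0/4 into 224.0.0.0/3.

```python
import ipaddress

# Reserved source ranges listed in the reply above.
RESERVED = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4"]

# Constructed sample: address space assumed to be in use inside the site.
INTERNAL = ["198.51.100.0/24"]


def build_deny_list(internal_prefixes):
    """Reserved ranges plus the site's own prefixes, merged and sorted."""
    nets = [ipaddress.ip_network(p) for p in RESERVED + list(internal_prefixes)]
    return list(ipaddress.collapse_addresses(nets))


def ingress_permits(src, deny_list):
    """True if a packet arriving from outside with this source passes the filter."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in deny_list)


def render_ios_acl(deny_list, name="INGRESS-ANTISPOOF"):
    """Render the deny list as extended ACL lines (the ACL name is hypothetical)."""
    lines = [f"ip access-list extended {name}"]
    # IOS ACLs take a wildcard mask, which is the network's host mask.
    lines += [f" deny ip {n.network_address} {n.hostmask} any" for n in deny_list]
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    reserved_only = build_deny_list([])
    full = build_deny_list(INTERNAL)
    # Constructed source addresses seen on the outside interface.
    for src in ["10.1.2.3", "198.51.100.7", "203.0.113.9"]:
        print(f"{src:15} reserved-only={ingress_permits(src, reserved_only)!s:5} "
              f"with-internal={ingress_permits(src, full)}")
    print("\n".join(render_ios_acl(full)))
```

The reserved-only list lets a packet sourced from the site's own prefix through, which is the gap the reply points out for ACL-based filtering.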
