On Thu, 2002-10-31 at 09:20, Margaret Wasserman wrote:
>
> >
> >I don't understand this. In your proposal, every site will be filtering
> >a different global prefix. Routers in the internet backbone will not be
> >filtering any global prefix. Where is the comparable defense in the
> >depth?
>
> I think it depends what you mean by "filtering a prefix"...
>
> If you use a global prefix to number a private site, you wouldn't
> necessarily advertise that prefix in global routing tables. In
> fact, it would be best not to. So, it wouldn't be any more
> "routable" on the Internet than a site-local prefix. Routers
> wouldn't have any path to it, so they'd drop it...
>
> Also, I am under the impression that ISPs do some filtering at the
> customer boundary -- only allowing traffic from a customer's global
> prefix(es) out, and only letting traffic to the customer's global
> prefix(es) in... How common is this?
>

Quite common. I think the motivation for doing this is to prevent traffic holding any private addressing or unauthorised public addressing from leaking from the site.

On a related topic, if I was to stuff up my site local filters at the edge of my site, would my network then become part of my ISP's site local network? In the proposed site-local models, are sites adjacent, or are they separated by segments that only have global address assignments (e.g. the BGP AS model vs the OSPF area model)?

Regards,
Mark.
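
Added example, not part of the original messages: a small Python model of the two filters discussed in this thread, the site's own site-local filter and the ISP's customer-boundary prefix filter, showing what the second one still catches when the first is misconfigured. The function names, the `site_local_filter_ok` flag and the sample prefixes (taken from the 2001:db8::/32 documentation range) are assumptions made for illustration.

```python
import ipaddress

SITE_LOCAL = ipaddress.ip_network("fec0::/10")  # IPv6 site-local prefix

# Constructed sample data: the customer's assigned global prefix.
CUSTOMER = [ipaddress.ip_network("2001:db8:1234::/48")]

def in_any(addr, prefixes):
    """True if addr falls inside any of the given prefixes."""
    return any(addr in p for p in prefixes)

def isp_edge_verdict(direction, src, dst, customer_prefixes):
    """ISP customer-boundary filter as described in the quoted message:
    outbound traffic must come FROM the customer's global prefix(es),
    inbound traffic must be addressed TO them."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "out":
        return "permit" if in_any(src, customer_prefixes) else "drop"
    if direction == "in":
        return "permit" if in_any(dst, customer_prefixes) else "drop"
    raise ValueError("direction must be 'in' or 'out'")

def site_edge_verdict(src, dst, site_local_filter_ok=True):
    """The site's own border filter: drop packets carrying a site-local
    address. site_local_filter_ok=False models the broken filter."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if site_local_filter_ok and (src in SITE_LOCAL or dst in SITE_LOCAL):
        return "drop"
    return "permit"

def escapes_outbound(src, dst, customer_prefixes, site_local_filter_ok):
    """A packet leaves the site only if both filters permit it."""
    return (site_edge_verdict(src, dst, site_local_filter_ok) == "permit"
            and isp_edge_verdict("out", src, dst, customer_prefixes) == "permit")

if __name__ == "__main__":
    # Broken site filter, site-local source: the ISP source check drops it.
    print(escapes_outbound("fec0::1", "2001:db8:ffff::1", CUSTOMER, False))
    # Broken site filter, global source but site-local destination: the
    # source-only outbound check permits it, so only the lack of a route
    # to fec0::/10 stops it further on.
    print(escapes_outbound("2001:db8:1234::10", "fec0::5", CUSTOMER, False))
    # Inbound check looks at the destination only, so a site-local source
    # is not caught by this rule alone.
    print(isp_edge_verdict("in", "fec0::1", "2001:db8:1234::10", CUSTOMER))
```
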
