On Sun, Jul 24, 2011 at 2:14 PM, Dino Farinacci <[email protected]> wrote:
> How about a simpler solution where an ITR at a site does not accept any UDP
> 4341 packets? So when a host that wants to spoof a source-EID with a valid
> RLOC in the outer header (so the uRPF check succeeds), can be caught by a
> non-compromised ITR.
>
> Routers today can do this by uRPFing solely on the EIDs and since the RLOC
> belongs to the ITR itself, anyone at the site originated a packet with that
> RLOC will uRPF fail.
>

I do not understand how this is helpful. Perhaps you could give an example of how this would work if the Internet were in a transition state, with both many LISP sites, and many "legacy" sites?

--
Jeff S Wheeler <[email protected]>
Sr Network Operator / Innovative Network Concepts
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
