On Thu, Jun 17, 2010 at 12:38 AM, Roy <r.engehau...@gmail.com> wrote:
> On 6/16/2010 7:43 PM, Jon Lewis wrote:
>> With a larger network, multiple IP blocks, ***numerous multihomed
>> customers***, some of which use IPs we've assigned them, it gets a
>> little more complicated to do. I could reject at our border, packets
>> sourced from our IP ranges with exceptions for any of the IP blocks
>> we've assigned to multihomed customers.
>
> Sounds like a good use of URPF.

Reverse path filtering + asymmetric routing = epic fail. Jon did say
Multihomed customer.

Refer to RFC 3704 (BCP84). Note section 2.2 (Strict Reverse Path
Forwarding) last part of the final sentence: "in particular, when
applied to multihoming to different ISPs, this assumption may fail."

Regards,
Bill Herrin

--
William D. Herrin ................ her...@dirtside.com  b...@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
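
An added illustration, not part of the original message: a small Python model of the failure described above, comparing strict RPF with the feasible-path variant that RFC 3704 also describes. The routing table, interface names and prefixes are constructed for the example and do not come from the thread.

```python
import ipaddress

# Constructed RIB for one border router: prefix -> candidate routes as
# (interface, preference). The highest preference is the best path (the FIB entry).
RIB = {
    # Block assigned to a multihomed customer: best path is the direct link,
    # but the same prefix is also heard via transit from the customer's other ISP.
    "198.51.100.0/24": [("cust0", 200), ("transit0", 100)],
    # Block assigned to a single-homed customer: only reachable directly.
    "203.0.113.0/24": [("cust1", 200)],
    "0.0.0.0/0": [("transit0", 100)],
}

def lookup(src):
    """Longest-prefix match on the source address; returns its candidate routes."""
    addr = ipaddress.ip_address(src)
    nets = [ipaddress.ip_network(p) for p in RIB]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return RIB[str(best)]

def strict_rpf(src, in_if):
    """Accept only if the packet arrived on the best-path interface for its source."""
    best_if = max(lookup(src), key=lambda r: r[1])[0]
    return in_if == best_if

def feasible_rpf(src, in_if):
    """Accept if any known route for the source, best or not, uses the arrival interface."""
    return any(iface == in_if for iface, _ in lookup(src))

def compare(src, in_if):
    return {"strict": strict_rpf(src, in_if), "feasible": feasible_rpf(src, in_if)}

if __name__ == "__main__":
    cases = [
        ("198.51.100.10", "transit0"),  # multihomed customer sending via its other ISP
        ("198.51.100.10", "cust0"),     # same customer sending via the direct link
        ("203.0.113.5", "transit0"),    # single-homed block arriving from outside
    ]
    for src, in_if in cases:
        print(src, in_if, compare(src, in_if))
```

The first case is the asymmetric one: strict RPF drops a legitimate packet from the multihomed customer, while the feasible-path check accepts it and still rejects the single-homed block arriving from transit.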