>Sriram, Kotikalapudi (Fed) wrote: >> The common source ASN checking is performed on BGP updates in the >> control plane (not in the data path), and that results in adding some >> additional allowed prefixes (for particular interfaces) to the Reverse >> Path Filter (RPF) list for SAV. I don't think this would result in >> other validation mechanisms which aren't available in the forwarding engine. >> The data plane would perform the usual uRPF check: Does the SA in the >> data packet belong in a prefix in the RPF list for the interface it was >> received on? >> So there shouldn't be any requirement to punt data packets.
>right, ok - I misunderstood. So you're suggesting that the control plane >correlates asns to interfaces and does something like creating a higher cost >alternative path out each candidate source interface (based on ASN, as >determined in the control plane) to allow the urpf mechanism handle this using >its normal lookup method? Yes, that is correct. Sriram _______________________________________________ GROW mailing list GROW@ietf.org https://www.ietf.org/mailman/listinfo/grow