It sounds like an anti-spoofing mechanism, much like not allowing packets
from the internet into your network with a source address of your network.
This goes a little beyond that by verifying that the source is reachable
from the interface it was received on. I've always done this with an access
list, which is easy with only 1 connection to the 'Net. Doing it with CEF
rather than process switching has got to offer some big performance
benefits. Now, if I could only remember which platforms support CEF...
Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218
-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 02, 2001 3:58 PM
To: Chuck Church; '[EMAIL PROTECTED]'
Subject: Re: Cool DDoS (Distributed Denial of Service) link
At 08:49 AM 1/2/01, Chuck Church wrote:
From Network Computing:
http://www.nwc.com/1201/1201f1c1.html
Indeed, very nicely-written article. The best thing in it was the link to
the Cisco site on Unicast Reverse Path Forwarding, which I'd never heard
of. (I'd heard of Multicast RPF, but not unicast.)
I'm curious, is anyone using Unicast RPF? Does it work well? Any
performance problems with it?
Here's what it does:
"When Unicast RPF is enabled on an interface, the router examines all
packets received as input on that interface to make sure that the source
address and source interface appear in the routing table and match the
interface on which the packet was received. This 'look backwards' ability
is available only when Cisco express forwarding (CEF) is enabled on the
router, because the lookup relies on the presence of the Forwarding
Information Base (FIB). CEF generates the FIB as part of its operation."
For more info see:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt5/scdrpf.htm
Priscilla
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Priscilla Oppenheimer
http://www.priscilla.com
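
The check quoted from the Cisco documentation above, modelled in Python as an added example (not part of the original messages and not Cisco's code). The FIB entries, interface names and packets are constructed, and letting the default route satisfy the check is an assumption of this model, not a statement about IOS behaviour.

```python
import ipaddress

# Constructed FIB for a single-homed edge router: (prefix, outgoing interface).
# Prefixes are documentation ranges (RFC 5737); interface names are made up.
FIB = [
    ("0.0.0.0/0", "Serial0"),          # default route toward the ISP (assumed to count)
    ("192.0.2.0/24", "Ethernet0"),     # internal LAN
    ("198.51.100.0/24", "Ethernet1"),  # DMZ
]

def build_fib(entries):
    """Parse prefixes once and sort them longest-prefix first."""
    table = [(ipaddress.ip_network(p), ifname) for p, ifname in entries]
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)

def fib_lookup(fib, addr):
    """Longest-prefix match; returns the interface, or None if no route."""
    ip = ipaddress.ip_address(addr)
    for net, ifname in fib:
        if ip in net:
            return ifname
    return None

def urpf_check(fib, src, in_if):
    """Forward only if the route back to src points out the receiving interface."""
    back_if = fib_lookup(fib, src)
    if back_if is None:
        return "drop: no route to source"
    if back_if != in_if:
        return f"drop: source reachable via {back_if}, not {in_if}"
    return "forward"

def classify(packets, entries=FIB):
    """Run the reverse-path check over (source address, input interface) pairs."""
    fib = build_fib(entries)
    return [(src, in_if, urpf_check(fib, src, in_if)) for src, in_if in packets]

# Constructed packets: (source address, interface the packet arrived on).
SAMPLE = [
    ("203.0.113.7", "Serial0"),    # Internet host arriving from the ISP link
    ("192.0.2.10", "Ethernet0"),   # LAN host arriving from the LAN
    ("192.0.2.10", "Serial0"),     # internal source arriving from outside: spoofed
    ("203.0.113.7", "Ethernet0"),  # foreign source arriving from the LAN: spoofed
]

if __name__ == "__main__":
    for src, in_if, verdict in classify(SAMPLE):
        print(f"{src:15} in {in_if:10} -> {verdict}")
```

The third packet is the case an inbound anti-spoofing access list also catches; the fourth is dropped only because the lookup is done per receiving interface.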