Having an iACL format like below, that means that i would have to add at least one extra "permit" entry before the spoofing entries.
deny MARTIANS/BOGONS deny SPOOFING deny PROTOCOLS/PORTS permit BGP-PEERINGS permit TUNNELS deny INFRASTRUCTURE permit ANY If that's indeed the case, what non-routing protocols do you allow from/to these type of addresses? Only specific types of icmp messages? -- Tassos Dobbins, Roland wrote on 06/11/2012 14:05: > On Nov 6, 2012, at 6:32 PM, Tassos Chatzithomaoglou wrote: > >> Do you filter them on your border routers (via iACLs) > Yes. > >> and if yes, how? > The same way you filter any other interface addresses in your iACLs. > > ----------------------------------------------------------------------- > Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> > > Luck is the residue of opportunity and design. > > -- John Milton >
