interface
... filter that checks the source address of
every message received on a network interface against a list of
acceptable prefixes, dropping any packet that does not match the
...
... prefix-
list filters and interface access-lists). The procedure is that the
source address is looked up in the Forwarding Information Base ...
... Forwarding Information Base (FIB)
- and if the packet is received on the interface which would be used
to forward the traffic to the source of the packet, it passes the
...
... the other deterministically follow the same path. While this is
common at edge network interfaces to their ISP, it is in no sense
common between ISPs ...
... connectivity would be used and typically no packets would pass
through the interface. This method assumes that there is no strict
RPF ...
... default route points to. If the route points to
the interface where Loose RPF is enabled, any packet is allowed from
that interface ...
... interface where Loose RPF is enabled, any packet is allowed from
that interface; if it points nowhere or to some other interface, the
packets with bogus source addresses ...
... RPF is enabled, any packet is allowed from
that interface; if it points nowhere or to some other interface, the
packets with bogus source addresses will be discarded at the Loose
...
... source addresses will be discarded at the Loose
RPF interface even in the presence of a default route. If such
fine-grained checking is not implemented, presence of a default route ...
... What may not be readily apparent is that ingress filtering is not
applied only at the "last-mile" interface between the ISP and the end
user. It's perfectly fine, and recommended, to also perform ingress
filtering ...
... service will be incomplete.
4. On some interfaces, weaken ingress filtering by using an
appropriate form of loose RPF ...
... Ingress filtering is typically performed to ensure that traffic
arriving on one network interface legitimately comes from a computer
residing on a network reachable through that interface ...
... network interface legitimately comes from a computer
residing on a network reachable through that interface.
The closer to the actual source ingress filtering ...
... addresses. It can be applied in the upstream interfaces to reduce
the size of DoS attacks with unrouted source addresses ...
... source addresses. In the
downstream interfaces it can only be used as a contract
verification, that the other network ...
