prefix
Click on the red underlined text to get to the source
... in this case, the attacked sites can protect themselves by proper
filtering, by verifying that their prefixes are not used in the
source addresses in packets received from the Internet ...
... every message received on a network interface against a list of
acceptable prefixes, dropping any packet that does not match the
filter. While this is by no means the only way to implement an
...
... example, forgetting to have the list updated at the ISPs if the set
of prefixes changes (e.g., as a result of multihoming) might lead to
discarding the packets if they do not pass the ingress filter ...
... access list is dynamic. This may also be used to avoid duplicate
configuration (e.g., maintaining both static routes or BGP prefix-
list filters and interface ...
... network edge is advertising multiple
prefixes using BGP. It makes for a simple, cheap, fast, and dynamic
filter ...
... routing. Also, if BGP is carrying prefixes and some legitimate
prefixes are not being advertised or not being accepted by the ISP ...
... BGP is carrying prefixes and some legitimate
prefixes are not being advertised or not being accepted by the ISP
under its policy, the effect is the same as ingress filtering ...
... operates. The mechanism relies on consistent route advertisements
(i.e., the same prefix(es), through all the paths) propagating to all
the routers performing Feasible RPF ...
... of action. However, especially in the case of very large networks of
even hundreds or thousands of prefixes, maintaining manual access-
lists may be too much to ask.
...
... edge network to use provider-independent prefixes and exchange routes
with its ISPs with BGP ...
... with its ISPs with BGP, to ensure that its prefix is carried upstream
to the major transit ISPs ...
... network uses, traffic
originating from any other prefix can be summarily discarded instead
of sending it to an ISP.
...
... correctly addressed; a router further away can only ensure that it is
possible that there is such a system within the indicated prefix.
Therefore, ingress filtering should be done at multiple levels, with
...
... RPF is not an option,
between ISPs if the number of used prefixes is low, or as an
additional layer of protection.
...
... propagation of routing information to work; the implications of
this must be understood especially if a prefix advertisement
passes through third parties.
...
... ingress filtering is also reasonable between ISPs,
especially if the number of prefixes is low.
This memo will lower the bar for the adoption of ingress filtering ...