The MPLS-OPS Archive

Cell Relay Retreat>MPLS-OPS Archive>month:2003-May> msg00097



[Date Prev][Date Next][Thread Prev][Thread Next]  
  [Date Index][Thread Index][Author Index][Subject Index]

URPF for route-leaking / vpn-mpls

  • From: "Constantin Tivig" <Constantin.Tivig@connex.ro>
  • Date: Thu, 15 May 2003 12:01:26 +0300
  • Importance: normal
  • Resent-Date: Thu, 15 May 2003 06:20:26 -0400
  • thread-index: AcMawJF9OYniPkCDSiiyVZejyLz0aw==
  • Thread-Topic: URPF for route-leaking / vpn-mpls
  • To: "MPLS-ops Mailing List" <mpls-ops@mplsrc.com>
  • X-OriginalArrivalTime: 15 May 2003 09:01:27.0035 (UTC) FILETIME=[914DE4B0:01C31AC0]

Hello,

 

How can I assure that my vpn-mpls clients cannot use rfc1918 sourced ip packets (or spoof ) in case they have also internet access configured by route-leaking ?

 

If I use URPF it will look in the vrf’s FIB (not in the global RoutingTable FIB ) so it will let pass ip packets sourced with private addresses.

 

Any nice implementation you can share w/ me ?

 

Tks,

 

 

 

Constantin Tivig

Xnet/Connex

 

-------------------------------------------------------------------------------
The content of this communication is classified as Mobifon SA Romania Confidential and Proprietary Information.The content of this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this communication then delete it from your system. We appreciate your assistance in preserving the confidentiality of our correspondence. Thank you.

Prezentul mesaj constituie o Informatie confidentiala si este proprietatea exclusiva a MobiFon S.A.. Mesajul se adreseaza numai persoanei fizice sau juridice mentionata ca destinatara, precum si altor persoane autorizate sa-l primeasca. In cazul in care nu sunteti destinatarul vizat, va aducem la cunostinta ca dezvaluirea, copierea, distribuirea sau initierea unor actiuni pe baza prezentei informatii sunt strict interzise si atrag raspunderea civila si penala. Daca ati primit acest mesaj dintr-o eroare, va rugam sa ne anuntati imediat, ca raspuns la mesajul de fata, si sa-l stergeti apoi din sistemul dvs. Apreciem si va multumim pentru sprijinul acordat in pastrarea confidentialitatii corespondentei noastre.
-------------------------------------------------------------------------------