Ingress Filtering for Multihomed Networks
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org> Subject: Protocol Action: 'Ingress Filtering for Multihomed Networks' to BCP The IESG has approved the following document: - 'Ingress Filtering for Multihomed Networks ' <draft-savola-bcp38-multihoming-update-04.txt> as a BCP This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Bert Wijnen. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-savola-bcp38-multihoming-update-04.txt
Technical Summary RFC 2827 recommends that ISPs police their customers' traffic by dropping traffic entering their networks that is coming from a source address not legitimately in use by the customer network. The filtering includes but is in no way limited to the traffic whose source address is a so-called "Martian Address" - an address that is reserved (RFC 3330), including any address within 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 188.8.131.52/4, or 240.0.0.0/4. This document discusses known technical issues and problems when implementing RFC 2827 using: o Ingress Access Lists, o Strict Reverse Path Forwarding, o Feasible Path Reverse Path Forwarding, o Loose Reverse Path Forwarding, and o Loose Reverse Path Forwarding ignoring default routes It also discusses trade-offs and work-arounds available to the prudent operator. Ingress filtering issues related to multihoming are considered at more length. Working Group Summary As this document is not the product of a working group, there was no working group last call. However, input to the document has been solicited on a number of fora, such as multi6 WG and The North American Network Operators' Group (NANOG) mailing lists. There was also a 4 week IETF Last Call. Protocol Quality This document was reviewd for the IESG by Randy Bush, Bert Wijnen and the Operations Directorate.