Technical Summary
RFC 2827 recommends that ISPs police their customers' traffic by
dropping traffic entering their networks that is coming from a
source address not legitimately in use by the customer network.
The filtering includes but is in no way limited to the traffic
whose source address is a so-called "Martian Address" - an
address that is reserved (RFC 3330), including any address
within 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16, 224.0.0.0/4, or 240.0.0.0/4.
This document discusses known technical issues and problems when
implementing RFC 2827 using:
o Ingress Access Lists,
o Strict Reverse Path Forwarding,
o Feasible Path Reverse Path Forwarding,
o Loose Reverse Path Forwarding, and
o Loose Reverse Path Forwarding ignoring default routes
It also discusses trade-offs and work-arounds available to the
prudent operator. Ingress filtering issues related to
multihoming are considered at more length.
Working Group Summary
As this document is not the product of a working group, there was
no working group last call. However, input to the document has
been solicited on a number of fora, such as multi6 WG and The
North American Network Operators' Group (NANOG) mailing lists.
There was also a 4 week IETF Last Call.
Protocol Quality
This document was reviewd for the IESG by Randy Bush, Bert Wijnen
and the Operations Directorate.