The IESG has approved the following document:
- 'Ingress Filtering for Multihomed Networks '
<draft-savola-bcp38-multihoming-update-03.txt> as a BCP
This document has been reviewed in the IETF but is not the product of an
IETF Working Group.
The IESG contact person is Bert Wijnen.
Technical Summary
RFC 2827 recommends that ISPs police their customers' traffic by
dropping traffic entering their networks that is coming from a
source address not legitimately in use by the customer network.
The filtering includes but is in no way limited to the traffic
whose source address is a so-called "Martian Address" - an
address that is reserved (RFC 3330), including any address
within 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16, 224.0.0.0/4, or 240.0.0.0/4.
This document discusses known technical issues and problems when
implementing RFC 2827 using:
o Ingress Access Lists,
o Strict Reverse Path Forwarding,
o Feasible Path Reverse Path Forwarding,
o Loose Reverse Path Forwarding, and
o Loose Reverse Path Forwarding ignoring default routes
It also discusses trade-offs and work-arounds available to the
prudent operator. Ingress filtering issues related to
multihoming are considered at more length.
Working Group Summary
As this document is not the product of a working group, there was
no working group last call. However, input to the document has
been solicited on a number of fora, such as multi6 WG and The
North American Network Operators' Group (NANOG) mailing lists.
There was also a 4 week IETF Last Call.
Protocol Quality
This document was reviewd for the IESG by Randy Bush, Bert Wijnen
and the Operations Directorate.
