Re: Non terminated traffic...

On 10 Dec 2003, at 17:33, Franck Martin wrote:


> Apart from setting up ingress(?) filtering to ensure that these packets
> get dropped before they go further,

Google for "Unicast Reverse Path Filtering" (uRPF). The filter you describe above can be obtained by means of turning loose-mode uRPF on a border router that carries a full table (assuming you are happy to derive "the traffic source is valid" from "I receive a routing advertisement which covers the traffic source address"; i.e. I have a path back to that source).


> I need to communicate with my
> upstream provider to ensure that he/she drops these packets too before
> they go on my link. Is there a way to automatise that, so a soft can
> talk to my upstream provider network system and automatically inform him
> on which IPs are terminated? Routing protocol aggregates IPs, so I'm not
> sure it may select only valid IP and not a range where some IPs are
> valid...

You could encourage your providers to deploy similar filters to those above on their borders. They may be able to apply uRPF outbound on the interface that faces you, in fact. I've never actually added that config to a router, but it seems like it should work :-)



Joe
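
The loose-mode uRPF decision discussed in this message, as an added example that is not part of the original post or any router's code. The routing table, documentation prefixes and interface names are constructed; strict mode and the default-route switch go beyond the message and are included for comparison.

```python
import ipaddress

# Constructed FIB for a border router: (prefix, outgoing interface).
# Documentation prefixes; interface names are hypothetical.
FIB = [
    ("198.51.100.0/24", "upstream0"),  # aggregate advertised by an upstream
    ("203.0.113.0/25", "customer0"),   # route towards a customer
    ("0.0.0.0/0", "upstream0"),        # default route
]

def lookup(src, fib=FIB):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_accept(src, in_iface, mode="loose", allow_default=False, fib=FIB):
    """Return True if a packet from src arriving on in_iface passes uRPF.

    loose:  any route covering src is enough ("I have a path back").
    strict: the best route back to src must point out of in_iface.
    Counting a default-route match as "no route" unless allow_default is
    set is this example's choice, so unrouted sources are dropped.
    """
    match = lookup(src, fib)
    if match is None:
        return False
    net, iface = match
    if net.prefixlen == 0 and not allow_default:
        return False
    if mode == "strict":
        return iface == in_iface
    return True

if __name__ == "__main__":
    # Any host inside an advertised aggregate passes loose mode, whether or
    # not that host exists: the aggregation limit raised in the question.
    for src in ("198.51.100.77", "203.0.113.5", "203.0.113.200", "192.0.2.1"):
        print(src, urpf_accept(src, "upstream0"),
              urpf_accept(src, "upstream0", mode="strict"))
```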



