Ingress Filtering for Multihomed Networks
暂无分享,去创建一个
BCP 38, RFC 2827, is designed to limit the impact of distributed denial of service attacks, by denying traffic with spoofed addresses access to the network, and to help ensure that traffic is traceable to its correct source network. As a side effect of protecting the Internet against such attacks, the network implementing the solution also protects itself from this and other attacks, such as spoofed management access to networking equipment. There are cases when this may create problems, e.g., with multihoming. This document describes the current ingress filtering operational mechanisms, examines generic issues related to ingress filtering, and delves into the effects on multihoming in particular. This memo updates RFC 2827.
[1] Ravishanker Chandra,et al. BGP Communities Attribute , 1996, RFC.
[2] Jun-ichiro itojun Hagino,et al. IPv6 Multihoming Support at Site Exit Routers , 2001, RFC.
[3] Paul Ferguson,et al. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.
[4] Yakov Rekhter,et al. Scalable Support for Multi-homed Multi-provider Connectivity , 1998, RFC.