RFC 3704 Ingress Filtering for Multihomed Networks March 2004 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Different Ways to Implement Ingress Filtering . . . . . . . . 4 2.1 Ingress Access Lists . . . . . . . . . . . . . . . . . . . 4 2.2 Strict Reverse Path Forwarding . . . . . . . . . . . . . . 5 2.3 Feasible Path Reverse Path Forwarding . . . . . . . . . . 6 2.4 Loose Reverse Path Forwarding . . . . . . . . . . . . . . 6 2.5 Loose Reverse Path Forwarding Ignoring Default Routes . . 7 3. Clarifying the Applicability of Ingress Filtering . . . . . . 8 3.1 Ingress Filtering at Multiple Levels . . . . . . . . . . . 8 3.2 Ingress Filtering to Protect Your Own Infrastructure . . . 8 3.3 Ingress Filtering on Peering Links . . . . . . . . . . . . 9 4. Solutions to Ingress Filtering with Multihoming . . . . . . . 9 4.1 Use Loose RPF When Appropriate . . . . . . . . . . . . . . 10 4.2 Ensure That Each ISP's Ingress Filter Is Complete . . . . 11 4.3 Send Traffic Using a Provider Prefix Only to That Provider 11 5. Security Considerations . . . . . . . . . . . . . . . . . . . 12 6. Conclusions and Future Work . . . . . . . . . . . . . . . . . 13 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 8.1. Normative References . . . . . . . . . . . . . . . . . . 14 8.2. Informative References . . . . . . . . . . . . . . . . . 14 9. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 15 10. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 16 Baker & Savola Best Current Practice