RFC 3704 (rfc3704) - Page 1 of 16
Ingress Filtering for Multihomed Networks
Alternative Format: Original Text Document
Network Working Group F. Baker
Request for Comments: 3704 Cisco Systems
Updates: 2827 P. Savola
BCP: 84 CSC/FUNET
Category: Best Current Practice March 2004
Ingress Filtering for Multihomed Networks
Status of this Memo
This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
BCP 38, RFC 2827, is designed to limit the impact of distributed
denial of service attacks, by denying traffic with spoofed addresses
access to the network, and to help ensure that traffic is traceable
to its correct source network. As a side effect of protecting the
Internet against such attacks, the network implementing the solution
also protects itself from this and other attacks, such as spoofed
management access to networking equipment. There are cases when this
may create problems, e.g., with multihoming. This document describes
the current ingress filtering operational mechanisms, examines
generic issues related to ingress filtering, and delves into the
effects on multihoming in particular. This memo updates RFC 2827.
Baker & Savola Best Current Practice