RFC 3704 (rfc3704) - Page 1 of 16

Ingress Filtering for Multihomed Networks

Network Working Group                                           F. Baker
Request for Comments: 3704                                 Cisco Systems
Updates: 2827                                                  P. Savola
BCP: 84                                                        CSC/FUNET
Category: Best Current Practice                               March 2004


               Ingress Filtering for Multihomed Networks

Status of this Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   BCP 38, RFC 2827, is designed to limit the impact of distributed
   denial of service attacks, by denying traffic with spoofed addresses
   access to the network, and to help ensure that traffic is traceable
   to its correct source network.  As a side effect of protecting the
   Internet against such attacks, the network implementing the solution
   also protects itself from this and other attacks, such as spoofed
   management access to networking equipment.  There are cases when this
   may create problems, e.g., with multihoming.  This document describes
   the current ingress filtering operational mechanisms, examines
   generic issues related to ingress filtering, and delves into the
   effects on multihoming in particular.  This memo updates RFC 2827.



















Baker & Savola           Best Current Practice