Using markings as opposed to a physical interface is
useful for incremental deployment when BASE routers are not physical neighbors.
Another important difference is that BASE-enabled routers send updates
by piggybacking them on top of BGP updates, as opposed to sending updates on
their own. These piggybacked updates include marking information and control
messages. Updates for distributing marking information include a source
AS and a corresponding 16-bit marking. When a BASE router receives such
an update, the router records the enclosed marking as the “incoming direction”
for packets from the specified source prefix. Relying on BGP updates means
BASE updates must travel the same path as BGP updates. BGP updates do not
always travel the same path as normal traffic, however. The path a BGP update
for prefix P takes to reach AS X does not define the path that packets from P
follow to reach AS X , rather it defines the path that AS X can use to forward
traffic towards P. The path of normal traffic from P to AS X may be different.
When updates and normal traffic travel different paths, routers will expect the
incorrect marking and misidentify legitimate packets as spoofing packets. To
minimize such false positives, BASE uses control messages to enable or disable
filtering. Thus, BASE routers are only able to filter spoofing packets after
receiving instructions to filter.