[107704] in North American Network Operators' Group


Re: Cisco uRPF failures

daemon@ATHENA.MIT.EDU (Jo Rhett)
Thu Sep 11 13:27:13 2008

From: Jo Rhett <jrhett@netconsonance.com>
To: Saku Ytti <saku+nanog@ytti.fi>
In-Reply-To: <20080911171128.GA5283@mx.ytti.net>
Date: Thu, 11 Sep 2008 10:26:54 -0700
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Sep 11, 2008, at 10:11 AM, Saku Ytti wrote:

> On (2008-09-11 00:50 -0700), Jo Rhett wrote:
>> As someone who does a lot of work talking to NOCs trying to chase down
>> attack sources, I can honestly tell you that I haven't talked to a
>> single NOC in the last 16 months who had BCP38 on every port, or even on
>> most of their ports.  And the majority response is "our (vendor) gear
>> can't handle it".   As we both know, Cisco is the largest by far vendor
>> in the marketplace, and I've heard that name more than 70% of the time.
>
> Sounds like these shops are using 3550 as a router, which is common for
> smaller shops, especially in EU. And indeed, 3550 would not do uRPF.
> (3560E does).


I don't honestly know.  I do know that in every case it was mentioned  
to me it was either a 6500 or a 7600.
(that it was a Cisco anyway)

But frankly, lack of uRPF doesn't mean that BCP38 is impossible.  My  
generation of Force10 gear can't do uRPF.  Yet we are BCP38 compliant.

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness



