[127256] in North American Network Operators' Group
Re: Todd Underwood was a little late
daemon@ATHENA.MIT.EDU (Steve Bertrand)
Fri Jun 18 09:27:33 2010
Date: Fri, 18 Jun 2010 09:27:08 -0400
From: Steve Bertrand <steve@ipv6canada.com>
To: Chris Adams <cmadams@hiwaay.net>, nanog@nanog.org
In-Reply-To: <20100618124955.GA1296581@hiwaay.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2010.06.18 08:49, Chris Adams wrote:
> Once upon a time, Steve Bertrand <steve@ipv6canada.com> said:
>> If all IP blocks are tied down to null, and urpf is enabled in loose
>> mode on an interface, it will catch cases where someone is sourcing
>> traffic to you using IPs from the unassigned space that you have in your
>> free pools.
>
> That's not true on JUNOS devices - discard routes still count as valid
> routes for loose-mode uRPF.
Are you saying that JUNOS will not drop on source even if the only valid
route for an IP address is to null? On any other router I've used,
null/disc etc is a valid route, but it is considered special in that if
the route is to null, discard it, even on source.
Steve
