[151738] in North American Network Operators' Group

Re: BCP38 Deployment

daemon@ATHENA.MIT.EDU (Joe Provo)
Thu Mar 29 19:40:20 2012

Date: Thu, 29 Mar 2012 19:39:39 -0400
From: Joe Provo <nanog-post@rsuc.gweep.net>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <Pine.LNX.4.61.1203291926170.2201@soloth.lewis.org>
Reply-To: nanog-post@rsuc.gweep.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Thu, Mar 29, 2012 at 07:31:26PM -0400, Jon Lewis wrote:
> On Thu, 29 Mar 2012, Joe Provo wrote:
> 
> >uRFP was a trivial, 0-impact feature on the cisco VXR-based CMTS
> >platform. Assert a simple statement in the default config (along
> >with 'ips classless' and all your other standard config elements)
> 
> uRPF: or as it's now used in ios,
> ip verify unicast source reachable-via rx ...
> 
> I don't know what it would have to do with ip classless.  

Stated to counter 'config is hard', as there's junk you have to do
regardless. Add it to your standard specs and be done.

> uRPF stops your customers from sending forged source address 
> packets.  Since forged source address packets are rarely traced back to 
> their actual source, I'm not sure how configuring it on your network would 
> reduce your abuse desk workload at all.

Guess we had better informed neighbors? :-) You caught the 
rhetoric; the cost was that trivial.
 

-- 
         RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NewNOG

