[169526] in North American Network Operators' Group
Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet
daemon@ATHENA.MIT.EDU (Keegan Holley)
Fri Feb 28 21:14:56 2014
From: Keegan Holley <no.spam@comcast.net>
In-Reply-To: <CAL9jLaZpx1SmJCUWj9Y3q=29KMb4xgzWi-p-8OOm57nR8FxR9Q@mail.gmail.com>
Date: Fri, 28 Feb 2014 21:14:28 -0500
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

+1. In my experience uRPF gets enabled, breaks something or causes confusion (usually related to multi-homing) and then gets disabled.

On Feb 28, 2014, at 11:49 AM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
> On Fri, Feb 28, 2014 at 9:02 AM, Ray Soucy <rps@maine.edu> wrote:
>> If you have uRPF enabled on all your access routers then you can
>> configure routing policy such that advertising a route for a specific
>> host system will trigger uRPF to drop the traffic at the first hop, in
>> hardware.
>
> note that 'in hardware' is dependent upon the model used...
> note that stuffing 2k (or 5 or 10 or...) extra routes into your edge
> device could make it super unhappy.
>
> your points are valid for your designed network... they may not work everywhere.
> making the features you point out work better or be more widely known
> seems like a great idea though :)