[195535] in North American Network Operators' Group
Re: Cogent BCP-38
daemon@ATHENA.MIT.EDU (William Herrin)
Thu Aug 17 09:11:35 2017
X-Original-To: nanog@nanog.org
X-Really-To: <nanog@nanog.org>
In-Reply-To: <496940670.3866.1502969745768.JavaMail.mhammett@ThunderFuck>
From: William Herrin <bill@herrin.us>
Date: Thu, 17 Aug 2017 09:11:05 -0400
To: Mike Hammett <nanog@ics-il.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, Aug 17, 2017 at 7:35 AM, Mike Hammett <nanog@ics-il.net> wrote:
> Strict vs. loose.
>
Hi Mike,
Doesn't loose mode URPF allow packets from anything that exists in the
routing table regardless of source? Seems just about worthless. You're
allowing the site to spoof anything in the routing table which is NOT
BCP38.
Strict mode URPF down paths guaranteed to be single-homed. Manually
configure allowed sources and announcements for BGP-talking customers.
Regards,
Bill Herrin
--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
