[93138] in North American Network Operators' Group
Re: different flavours of uRPF [RE: register.com down sev0?]
daemon@ATHENA.MIT.EDU (Tony Li)
Fri Oct 27 11:38:45 2006
Date: Fri, 27 Oct 2006 08:37:38 -0700
From: Tony Li <tony.li@tony.li>
To: Pekka Savola <pekkas@netcore.fi>
Cc: 'Daniel Senie' <dts@senie.com>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.64.0610270943580.17467@netcore.fi>
Errors-To: owner-nanog@merit.edu

Pekka Savola wrote:
> On Thu, 26 Oct 2006, Tony Li wrote:
>>> It was possible to implement BCP38 before the router vendors
>>> came up with uRPF.
>> Further, uRPF is frequently a very inefficient means of implementing BCP
>> 38. Consider that you're going to either compare the source address
>> against a table of 200,000 routes or against a handful of prefixes that
>> you've statically configured in an ACL.
>
> Isn't that only a problem if you want to run a loose mode uRPF?
> Given that loose mode uRPF isn't very useful in most places where
> you'd like to do ingress filtering, this doesn't seem like a big
> issue..

Strict mode uRPF is likely to be implemented by performing a full
forwarding table lookup and then comparing the packet's incoming
interface to the interface from the forwarding table result.

Tony
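
An added illustration, not part of the original message or thread, of the two BCP 38 checks being compared: a strict uRPF check done as a full forwarding-table lookup followed by an interface comparison, and a static per-interface ACL. The prefixes, interface names and function names are constructed for the example, and the linear longest-prefix match stands in for whatever lookup structure a real router uses.

```python
import ipaddress

# Constructed sample FIB: (prefix, outgoing interface). Documentation prefixes only.
FIB = [
    ("0.0.0.0/0", "upstream0"),
    ("198.51.100.0/24", "cust1"),
    ("198.51.100.128/25", "cust2"),
    ("203.0.113.0/24", "cust2"),
]

# Constructed per-interface ingress ACLs: the statically configured
# "handful of prefixes" alternative to uRPF.
ACL = {
    "cust1": ["198.51.100.0/25"],
    "cust2": ["198.51.100.128/25", "203.0.113.0/24"],
}

def fib_lookup(fib, addr):
    """Longest-prefix match over the whole table; returns the interface or None.
    Simplification: a linear scan instead of a trie or TCAM."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def strict_urpf_permit(fib, src, in_if):
    """Strict uRPF: look up the SOURCE address in the full FIB, then require
    that the best route points back out the interface the packet arrived on."""
    return fib_lookup(fib, src) == in_if

def acl_permit(acl, src, in_if):
    """Static ingress filter: source must fall in a prefix listed for in_if."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in acl.get(in_if, []))

if __name__ == "__main__":
    for src, in_if in [("198.51.100.10", "cust1"),   # legitimate customer source
                       ("198.51.100.200", "cust1"),  # cust2's space seen on cust1
                       ("192.0.2.1", "cust1")]:      # only matches the default route
        print(src, in_if, strict_urpf_permit(FIB, src, in_if), acl_permit(ACL, src, in_if))
```

Both checks reach the same verdict on these packets; the difference is that the uRPF path consults the entire forwarding table for every source address, while the ACL path only touches the prefixes configured for that interface.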