[93143] in North American Network Operators' Group


Re: different flavours of uRPF [RE: register.com down sev0?]

daemon@ATHENA.MIT.EDU (Chris L. Morrow)
Fri Oct 27 12:49:19 2006

Date: Fri, 27 Oct 2006 16:45:59 +0000 (GMT)
From: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
In-reply-to: <454227C2.2080400@tony.li>
To: Tony Li <tony.li@tony.li>
Cc: Pekka Savola <pekkas@netcore.fi>, 'Daniel Senie' <dts@senie.com>,
	nanog@merit.edu
Errors-To: owner-nanog@merit.edu


On Fri, 27 Oct 2006, Tony Li wrote:
> Pekka Savola wrote:
> > On Thu, 26 Oct 2006, Tony Li wrote:
> >>> It was possible to implement BCP38 before the router vendors
> >>> came up with uRPF.
> >> Further, uRPF is frequently a very inefficient means of implementing BCP
> >> 38.  Consider that you're going to either compare the source address
> >> against a table of 200,000 routes or against a handful of prefixes that
> >> you've statically configured in an ACL.
> >
> > Isn't that only a problem if you want to run a loose mode uRPF?
> > Given that loose mode uRPF isn't very useful in most places where
> > you'd like to do ingress filtering, this doesn't seem like a big
> > issue..
>
> Strict mode uRPF is likely to be implemented by performing a full
> forwarding table lookup and then comparing the packet's incoming
> interface to the interface from the forwarding table result.

Pekka might have meant wouldn't you build a separate 'urpf table' per
interface perhaps? (just guessing at his intent) though there is only one
'urpf table' which is the fib, right?
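
Added example, not part of the original message or of any vendor's implementation: a small model of the three checks the thread compares (strict uRPF as a full FIB lookup followed by an interface comparison, loose uRPF, and a static per-interface ACL). The FIB contents, ACL entries, interface names and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample FIB (documentation prefixes): prefix -> outgoing interface.
FIB = {
    "0.0.0.0/0": "upstream0",
    "192.0.2.0/24": "cust1",
    "198.51.100.0/24": "cust2",
    "198.51.100.128/25": "cust1",  # more-specific of cust2's block via cust1
}
# Constructed static ingress ACLs: prefixes each customer port may source from.
ACL = {"cust1": ["192.0.2.0/24", "198.51.100.128/25"],
       "cust2": ["198.51.100.0/24"]}

_ROUTES = [(ipaddress.ip_network(p), ifc) for p, ifc in FIB.items()]

def fib_lookup(src):
    """Longest-prefix match over the whole FIB: (network, interface) or None."""
    ip = ipaddress.ip_address(src)
    hits = [(net, ifc) for net, ifc in _ROUTES if ip in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def urpf_strict(src, in_if):
    """Full FIB lookup on the source, then compare its interface to the ingress one."""
    hit = fib_lookup(src)
    return hit is not None and hit[1] == in_if

def urpf_loose(src, in_if):
    """Pass if any non-default route covers the source; in_if is ignored.
    Assumption of this model: the default route does not satisfy the check."""
    hit = fib_lookup(src)
    return hit is not None and hit[0].prefixlen > 0

def acl_permit(src, in_if):
    """Compare the source against the handful of prefixes configured on in_if."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in ACL.get(in_if, []))

def compare(src, in_if):
    return urpf_strict(src, in_if), urpf_loose(src, in_if), acl_permit(src, in_if)

if __name__ == "__main__":
    for src, in_if in [("192.0.2.10", "cust1"), ("192.0.2.10", "cust2"),
                       ("198.51.100.200", "cust2"), ("203.0.113.5", "cust1")]:
        print(src, in_if, compare(src, in_if))
```

The third sample packet is the case where the checks disagree: the single FIB prefers a more-specific route out another interface, so strict uRPF drops a source that the static ACL on that port permits.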
