nanog mailing list archives
Re: an effect of ignoring BCP38
From: Pekka Savola <pekkas () netcore fi>
Date: Thu, 11 Sep 2008 16:32:57 +0300 (EEST)
On Thu, 11 Sep 2008, Jo Rhett wrote:
[Pekka:]Loose mode URPF is [..] (IMHO) pretty much waste of time and is confusing the discussion about real spoofing protection. The added protection compared to ACLs that drop private and possibly bogons is not that big and it causes transient losses when the routing tables are changing.I disagree. But I will say that if everyone would apply strict mode or ACLs to their end point interfaces, this would likely make most of the loose mode irrelevant.
FWIW, based on off-list discussion, Jo's disagreement seems to stem from a misunderstanding of how loose uRPF works (he didn't know it accepts any packet that has a route in the routing table).
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Current thread:
- Re: BCP38 dismissal, (continued)
- Re: BCP38 dismissal Gadi Evron (Sep 04)
- Re: BCP38 dismissal Patrick W. Gilmore (Sep 04)
- Re: BCP38 dismissal Gadi Evron (Sep 04)
- an effect of ignoring BCP38 bmanning (Sep 04)
- Re: an effect of ignoring BCP38 David Sinn (Sep 05)
- Re: an effect of ignoring BCP38 k claffy (Sep 06)
- Re: an effect of ignoring BCP38 Valdis . Kletnieks (Sep 08)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Pekka Savola (Sep 11)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Pekka Savola (Sep 11)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Valdis . Kletnieks (Sep 11)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Pekka Savola (Sep 11)
- Re: an effect of ignoring BCP38 Kevin Oberman (Sep 11)
- Re: an effect of ignoring BCP38 Kevin Oberman (Sep 11)
- Re: an effect of ignoring BCP38 Valdis . Kletnieks (Sep 11)
- Re: an effect of ignoring BCP38 Randy Bush (Sep 07)
- Re: an effect of ignoring BCP38 bmanning (Sep 07)
- Re: an effect of ignoring BCP38 Randy Bush (Sep 08)