nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BCP38 Deployment

From: Jon Lewis <jlewis () lewis org>
Date: Thu, 29 Mar 2012 19:31:26 -0400 (EDT)
On Thu, 29 Mar 2012, Joe Provo wrote:


uRFP was a trivial, 0-impact feature on the cisco VXR-based CMTS
platform. Assert a simple statement in the default config (along
with 'ips classless' and all your other standard config elements)


uRPF: or as it's now used in ios,
ip verify unicast source reachable-via rx ...
I don't know what it would have to do with ip classless. It requires ip cef, but so do lots of other "features" including reasonably fast packet forwarding. 


and job done. It assisted in reducing our abuse desk workload by
eliminating a class of attacks from us, so the trivial "cost" was
worth it in opex. ISTR it being on the required feature list for
additional CMTS evaluations but it has been many years since I
touched that kit.
uRPF stops your customers from sending forged source address packets. Since forged source address packets are rarely traced back to their actual source, I'm not sure how configuring it on your network would reduce your abuse desk workload at all. 

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Previous By Date Next
Previous By Thread Next

Current thread: