nanog mailing list archives

Re: Cogent BCP-38

From: William Herrin <bill () herrin us>
Date: Thu, 17 Aug 2017 09:11:05 -0400

On Thu, Aug 17, 2017 at 7:35 AM, Mike Hammett <nanog () ics-il net> wrote:

Strict vs. loose.


Hi Mike,

Doesn't loose mode URPF allow packets from anything that exists in the
routing table regardless of source? Seems just about worthless. You're
allowing the site to spoof anything in the routing table which is NOT
BCP38.

Strict mode URPF down paths guaranteed to be single-homed. Manually
configure allowed sources and announcements for BGP-talking customers.

Regards,
Bill Herrin

-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>

Current thread:

Cogent BCP-38 Ben Russell (Aug 16)
- Re: Cogent BCP-38 chris (Aug 16)
  - Re: Cogent BCP-38 Mikael Abrahamsson (Aug 16)
    - Re: Cogent BCP-38 Mike Hammett (Aug 17)
    - Re: Cogent BCP-38 William Herrin (Aug 17)
    - Re: Cogent BCP-38 Saku Ytti (Aug 17)
    - Re: Cogent BCP-38 Robert Blayzor (Aug 28)
    - Re: Cogent BCP-38 Saku Ytti (Aug 29)
    - Re: Cogent BCP-38 Robert Blayzor (Aug 29)
    - Re: Cogent BCP-38 Job Snijders (Aug 29)
    - Re: Cogent BCP-38 Rob Evans (Aug 29)
    - Re: Cogent BCP-38 Sander Steffann (Aug 30)
  - Re: Cogent BCP-38 Alain Hebert (Aug 17)
- Re: Cogent BCP-38 marcel.duregards--- via NANOG (Aug 31)