nanog mailing list archives

Re: uPRF strict more

From: Mark Tinka <mark@tinka.africa>
Date: Wed, 29 Sep 2021 16:27:33 +0200



On 9/29/21 16:21, Blake Hudson wrote:

I do not use uRPF on upstream/transit/IX links or with multi-homedcustomers - or anywhere else where traffic could be asymmetrical; Iprefer to use stateless ACLs at these locations.

On peering and transit routers, on ports facing the remote side, weapply ACL's to drop traffic inbound from reserved space, as well as ourown (as we shouldn't see it coming in from the outside).

It's amazing how many matches we see, for all space, both IPv4 and IPv6.Tells just how open some of the "major" networks are :-).


Mark.

Current thread:

uPRF strict more Randy Bush (Sep 28)
- Re: uPRF strict more Amir Herzberg (Sep 28)
  - Re: uPRF strict more Saku Ytti (Sep 28)
    - Re: uPRF strict more Nick Hilliard (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
    - RE: uPRF strict more Brian Turnbow via NANOG (Sep 29)
    - Re: uPRF strict more Barry Greene (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
  - Re: uPRF strict more Blake Hudson (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
    - Re: uPRF strict more Blake Hudson (Sep 29)
    - Re: uPRF strict more Sabri Berisha (Sep 29)
    - Re: uPRF strict more Blake Hudson (Sep 30)
  - Re: uPRF strict more Adam Thompson (Sep 29)
    - Re: uPRF strict more Phil Bedard (Sep 29)
    - Re: uPRF strict more brad dreisbach (Sep 29)
    - RE: uPRF strict more Jean St-Laurent via NANOG (Sep 29)
    - Re: uPRF strict more brad dreisbach (Sep 29)
    - RE: uPRF strict more Jean St-Laurent via NANOG (Sep 29)
    - Message not available
    - RE: uPRF strict more Jean St-Laurent via NANOG (Sep 29)

(Thread continues...)