nanog mailing list archives
Re: uPRF strict more
From: Blake Hudson <blake () ispn net>
Date: Wed, 29 Sep 2021 10:03:26 -0500
On 9/29/2021 9:27 AM, Mark Tinka wrote:
> On 9/29/21 16:21, Blake Hudson wrote:
>> I do not use uRPF on upstream/transit/IX links or with multi-homed customers - or anywhere else where traffic could be asymmetrical; I prefer to use stateless ACLs at these locations.
>
> On peering and transit routers, on ports facing the remote side, we apply ACL's to drop traffic inbound from reserved space, as well as our own (as we shouldn't see it coming in from the outside).
>
> It's amazing how many matches we see, for all space, both IPv4 and IPv6. Tells just how open some of the "major" networks are :-).
Ditto. And ditto.

Extended IP access list ACL-TRANSIT-IN
    ...
    160 deny ip host 0.0.0.0 any
    170 deny ip 127.0.0.0 0.255.255.255 any
    180 deny ip 224.0.0.0 15.255.255.255 any
    190 deny ip 240.0.0.0 15.255.255.255 any
    200 deny ip 10.0.0.0 0.255.255.255 any (91057035 matches)
    210 deny ip 172.16.0.0 0.15.255.255 any (1366408 matches)
    220 deny ip 192.168.0.0 0.0.255.255 any (18325538 matches)
    230 deny ip 169.254.0.0 0.0.255.255 any (146523 matches)
    ...
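
The masks in the ACL output quoted above are wildcard (inverse) masks. The following is an added example, not code from the thread or its participants: it parses the visible entries, converts each wildcard to a prefix, and reports which entry a given source address would hit. Function names are my own, and the ACL text is copied from the message with the elided lines left out.

```python
import ipaddress
import re

# Constructed input: the entries visible in the message above (elided lines omitted).
ACL_OUTPUT = """\
Extended IP access list ACL-TRANSIT-IN
    160 deny ip host 0.0.0.0 any
    170 deny ip 127.0.0.0 0.255.255.255 any
    180 deny ip 224.0.0.0 15.255.255.255 any
    190 deny ip 240.0.0.0 15.255.255.255 any
    200 deny ip 10.0.0.0 0.255.255.255 any (91057035 matches)
    210 deny ip 172.16.0.0 0.15.255.255 any (1366408 matches)
    220 deny ip 192.168.0.0 0.0.255.255 any (18325538 matches)
    230 deny ip 169.254.0.0 0.0.255.255 any (146523 matches)
"""

ENTRY = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)\s+ip\s+"
    r"(?:host\s+(?P<host>\S+)|(?P<base>\S+)\s+(?P<wild>\S+))\s+any"
    r"(?:\s+\((?P<hits>\d+)\s+match(?:es)?\))?\s*$")

def wildcard_to_network(base, wildcard):
    """Convert a contiguous wildcard (inverse) mask to an IPv4Network."""
    mask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.ip_network(f"{base}/{prefix}", strict=False)

def parse_acl(text):
    """Return (seq, action, network, hits) for every source-only entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header line, or an entry form this example does not cover
        net = (ipaddress.ip_network(m["host"] + "/32") if m["host"]
               else wildcard_to_network(m["base"], m["wild"]))
        entries.append((int(m["seq"]), m["action"], net, int(m["hits"] or 0)))
    return entries

def first_match(entries, src):
    """Sequence number of the first entry matching src, or None."""
    addr = ipaddress.ip_address(src)
    return next((seq for seq, _, net, _ in entries if addr in net), None)

if __name__ == "__main__":
    acl = parse_acl(ACL_OUTPUT)
    for seq, action, net, hits in acl:
        print(f"{seq:>4} {action:<6} {str(net):<18} {hits:>12,}")
    for src in ("10.1.2.3", "172.31.255.255", "172.32.0.1", "192.0.2.1"):
        print(src, "->", first_match(acl, src))
```

A result of None means only that no visible entry matched; the rest of the ACL is elided in the message.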