nanog mailing list archives
Re: uPRF strict more
From: Mark Tinka <mark@tinka.africa>
Date: Thu, 30 Sep 2021 07:01:35 +0200
On 9/29/21 19:07, Adam Thompson wrote:
We just ran into a typical case where uRPF caused a partial outage for one of my customers: the customer is multi-homed, with another provider that I'm *also* connected to. Customer advertised a longer-prefix to the other guy, so I started sending traffic destined for Customer to the Other Provider... who then promptly dropped it because they had uRPF enabled on the peering link, and they were seeing random source IPs that weren't mine. Well... yeah, that can happen (semi-legitimately) anytime you have a topological triangle in peering. I've concluded over the last 2 years that uRPF is *only* useful on interfaces pointing directly at non-multi-homed customers, and *actively dangerous* anywhere else.
That's not exactly true, unless that other provider is not carrying a full table on the device your traffic toward your customer was transiting.
Generally, we only run uRPF on boxes that carry a full BGP table. The lack of a full table, even with loose-mode uRPF, will lead to blackholing.
Mark.
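An added illustration, not part of either poster's message: a small model of the strict and loose uRPF checks applied to the peering triangle described above, once against a full table and once against a partial table that only has a default route for the sender. The prefixes, interface names and the `allow_default` switch are assumptions made for the example.

```python
# Added illustration: strict/loose uRPF decisions on constructed FIBs.
import ipaddress

def lookup(fib, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in fib.items() if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def urpf_accepts(fib, src, ingress, mode, allow_default=False):
    """Return True if a packet from src arriving on ingress passes uRPF."""
    hit = lookup(fib, src)
    if hit is None:
        return False
    net, ifc = hit
    # Assumption of this model: a default route alone does not satisfy
    # the check unless allow_default is set.
    if net.prefixlen == 0 and not allow_default:
        return False
    if mode == "loose":
        return True            # any specific route to the source suffices
    return ifc == ingress      # strict: best path to source must be ingress

def fib(routes):
    return {ipaddress.ip_network(p): i for p, i in routes.items()}

# Constructed view from the other provider's router (documentation prefixes).
FULL_TABLE = fib({
    "198.51.100.0/24": "peer-adam",  # the peer's own address space
    "203.0.113.0/24": "transit",     # remote sender, best path via transit
    "192.0.2.0/25": "customer",      # shared customer's longer prefix
})
PARTIAL_TABLE = fib({
    "198.51.100.0/24": "peer-adam",
    "192.0.2.0/25": "customer",
    "0.0.0.0/0": "transit",          # no specific route for the sender
})

def scenario_results():
    src = "203.0.113.7"  # remote source whose traffic arrives over the peering link
    return {
        "strict_full": urpf_accepts(FULL_TABLE, src, "peer-adam", "strict"),
        "loose_full": urpf_accepts(FULL_TABLE, src, "peer-adam", "loose"),
        "loose_partial": urpf_accepts(PARTIAL_TABLE, src, "peer-adam", "loose"),
        "strict_peer_src": urpf_accepts(FULL_TABLE, "198.51.100.9", "peer-adam", "strict"),
    }

if __name__ == "__main__":
    for name, ok in scenario_results().items():
        print(f"{name:16} {'accept' if ok else 'DROP'}")
```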