nanog mailing list archives

different flavours of uRPF [RE: register.com down sev0?]


From: Pekka Savola <pekkas () netcore fi>
Date: Fri, 27 Oct 2006 09:50:09 +0300 (EEST)


On Thu, 26 Oct 2006, Tony Li wrote:
> It was possible to implement BCP38 before the router vendors
> came up with uRPF.
>
> Further, uRPF is frequently a very inefficient means of implementing BCP 38.
> Consider that you're going to either compare the source address
> against a table of 200,000 routes or against a handful of prefixes that
> you've statically configured in an ACL.

Isn't that only a problem if you want to run a loose mode uRPF?  
Given that loose mode uRPF isn't very useful in most places where 
you'd like to do ingress filtering, this doesn't seem like a big 
issue..

BTW, I still keep wondering why Cisco hasn't implemented something 
like Juniper's feasible-path strict uRPF.  Works quite well with 
multihomed and asymmetric routing as well -- no need to fiddle with 
communities, BGP weights etc. to ensure symmetry.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
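
The three uRPF flavours discussed in this message, as an added example that is not part of the original post: a simplified Python model, not any vendor's implementation. The RIB, interface names and addresses are constructed, and feasible-path is modelled here as "any known path for the longest matching prefix, best or not, points back at the ingress interface".

```python
import ipaddress

# Constructed RIB: (prefix, interface, is_best_path). All names are made up.
RIB = [
    ("192.0.2.0/24", "cust-a", True),      # multihomed customer, preferred link
    ("192.0.2.0/24", "cust-b", False),     # same customer, backup path (not best)
    ("198.51.100.0/24", "upstream", True), # somebody else's prefix via transit
]

def _paths(src):
    """All known paths for the longest prefix that covers src."""
    addr = ipaddress.ip_address(src)
    covering = [(ipaddress.ip_network(p), iface, best)
                for p, iface, best in RIB
                if addr in ipaddress.ip_network(p)]
    if not covering:
        return []
    longest = max(net.prefixlen for net, _, _ in covering)
    return [r for r in covering if r[0].prefixlen == longest]

def loose(src, in_if):
    # Loose: any route to the source exists; ingress interface is ignored.
    return bool(_paths(src))

def strict(src, in_if):
    # Strict: the best path back to the source must use the ingress interface.
    return any(best and iface == in_if for _, iface, best in _paths(src))

def feasible(src, in_if):
    # Feasible-path: any path, best or alternative, may use the ingress interface.
    return any(iface == in_if for _, iface, _ in _paths(src))

def verdicts(src, in_if):
    """Map mode name -> True (accept) / False (drop) for one packet."""
    return {f.__name__: f(src, in_if) for f in (loose, strict, feasible)}

if __name__ == "__main__":
    packets = [
        ("192.0.2.10", "cust-b"),    # legitimate, arrives on the backup link
        ("198.51.100.7", "cust-b"),  # spoofed: routable, but not this customer's
        ("203.0.113.5", "cust-b"),   # spoofed: no route at all
    ]
    for src, in_if in packets:
        print(f"{src:15} on {in_if}: {verdicts(src, in_if)}")
```

Only feasible-path both accepts the customer's asymmetric traffic and drops the routable spoofed source; loose accepts both, strict drops both.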

