nanog mailing list archives

Re: different flavours of uRPF [RE: register.com down sev0?]


From: "Chris L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Fri, 27 Oct 2006 16:45:59 +0000 (GMT)


On Fri, 27 Oct 2006, Tony Li wrote:
Pekka Savola wrote:
On Thu, 26 Oct 2006, Tony Li wrote:
It was possible to implement BCP38 before the router vendors
came up with uRPF.
Further, uRPF is frequently a very inefficient means of implementing BCP
38.  Consider that you're going to either compare the source address
against a table of 200,000 routes or against a handful of prefixes that
you've statically configured in an ACL.

Isn't that only a problem if you want to run a loose mode uRPF?
Given that loose mode uRPF isn't very useful in most places where
you'd like to do ingress filtering, this doesn't seem like a big
issue..

Strict mode uRPF is likely to be implemented by performing a full
forwarding table lookup and then comparing the packet's incoming
interface to the interface from the forwarding table result.

Pekka might have meant wouldn't you build a separate 'urpf table' per
interface perhaps? (just guessing at his intent) though there is only one
'urpf table' which is the fib, right?
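
The two approaches compared in this thread, as an added example that is not part of the original messages: strict-mode uRPF as a longest-prefix FIB lookup followed by an interface comparison, next to a static per-interface ACL. The FIB, ACL, interface names and addresses are constructed (documentation prefixes), and having loose mode ignore the default route unless `allow_default` is set is a modelling assumption.

```python
import ipaddress

# Constructed FIB: (prefix, outgoing interface). Documentation prefixes only.
FIB = [
    ("0.0.0.0/0", "upstream0"),
    ("192.0.2.0/24", "cust1"),
    ("198.51.100.0/24", "cust2"),
    ("198.51.100.128/25", "cust1"),  # more-specific route via another port
]
# Constructed static ingress ACL per customer interface (the BCP 38 ACL approach).
ACL = {
    "cust1": ["192.0.2.0/24", "198.51.100.128/25"],
    "cust2": ["198.51.100.0/24"],
}

def fib_lookup(src, fib=FIB):
    """Longest-prefix match on the source; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_strict(src, in_if, fib=FIB):
    """Pass only if the best route back to src points out the arrival interface."""
    hit = fib_lookup(src, fib)
    return hit is not None and hit[1] == in_if

def urpf_loose(src, fib=FIB, allow_default=False):
    """Pass if any route to src exists; the arrival interface is not compared."""
    hit = fib_lookup(src, fib)
    return hit is not None and (allow_default or hit[0].prefixlen > 0)

def acl_permit(src, in_if, acl=ACL):
    """Pass if src falls in a prefix statically configured for the interface."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in acl.get(in_if, []))

def compare(src, in_if):
    """Verdicts of all three checks for one packet, for side-by-side reading."""
    return {"strict": urpf_strict(src, in_if),
            "loose": urpf_loose(src),
            "acl": acl_permit(src, in_if)}

if __name__ == "__main__":
    for pkt in [("192.0.2.10", "cust1"), ("203.0.113.5", "cust1"),
                ("198.51.100.200", "cust2")]:
        print(pkt, compare(*pkt))
```

The last sample packet is where the two methods diverge: the ACL on `cust2` permits the whole /24, while the strict check follows the more-specific /25 in the FIB to `cust1` and drops the packet.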

