nanog mailing list archives
Re: Request comment: list of IPs to block outbound
From: Saku Ytti <saku () ytti fi>
Date: Tue, 15 Oct 2019 13:46:08 +0300
On Mon, 14 Oct 2019 at 09:30, Vincent Bernat <bernat () luffy cx> wrote:
How much performance impact should we expect with uRPF?
Depends on the platform, but often it's 2nd lookup. So potentially 50% decrease in performance. Some platforms it means FIB duplication. And ultimately it doesn't really offer anything over ACL, which is, in comparison, much cheaper feature. I would encourage people to toolise this, then the ACL generation is no cost or complexity. And you can use ACL for many BGP customers too, as you create 'perfect' prefix-list for customer, you can reference to same prefix-list in ACL, without actually needing customer to announce that prefix, as it's entirely valid to originate traffic from allowable prefix without advertising the prefix (to you). -- ++ytti
Current thread:
- Re: Request comment: list of IPs to block outbound, (continued)
- Re: Request comment: list of IPs to block outbound Stephen Satchell (Oct 13)
- Re: Request comment: list of IPs to block outbound Brandon Martin (Oct 13)
- Re: Request comment: list of IPs to block outbound Stephen Satchell (Oct 13)
- Re: Request comment: list of IPs to block outbound Seth Mattinen (Oct 13)
- Re: Request comment: list of IPs to block outbound William Herrin (Oct 13)
- Re: Request comment: list of IPs to block outbound Saku Ytti (Oct 13)
- Re: Request comment: list of IPs to block outbound Måns Nilsson (Oct 22)
- Re: Request comment: list of IPs to block outbound Enno Rey (Oct 13)
- Re: Request comment: list of IPs to block outbound Grant Taylor via NANOG (Oct 13)
- Re: Request comment: list of IPs to block outbound Saku Ytti (Oct 13)
- Re: Request comment: list of IPs to block outbound Vincent Bernat (Oct 13)
- Re: Request comment: list of IPs to block outbound Saku Ytti (Oct 15)
- Re: Request comment: list of IPs to block outbound Lukas Tribus (Oct 18)
- Re: Request comment: list of IPs to block outbound Saku Ytti (Oct 18)
- Re: Request comment: list of IPs to block outbound Chris Jones (Oct 18)
- Re: Request comment: list of IPs to block outbound Lukas Tribus (Oct 18)
- Re: Request comment: list of IPs to block outbound Saku Ytti (Oct 19)
- Re: Request comment: list of IPs to block outbound Lukas Tribus (Oct 20)
- Re: Request comment: list of IPs to block outbound Saku Ytti (Oct 20)
- Re: Request comment: list of IPs to block outbound Saku Ytti (Oct 13)
- RE: Request comment: list of IPs to block outbound adamv0025 (Oct 21)
- Re: Request comment: list of IPs to block outbound Saku Ytti (Oct 22)
- RE: Request comment: list of IPs to block outbound adamv0025 (Oct 22)