Re: uPRF strict more

[Saku Ytti <saku () ytti fi>]

Vast majority of access ports are stubby, with no multihoming or
redundancy. And uRPF strict is indeed used often here, but answer very
rarely if ever applies for non-stubby port.

Having said that, I'm not convinced anyone should use uRPF at all.
Because you should already know what IP addresses are possible behind
the port, if you do, you can do ACL, and ACL is significantly lower
cost in PPS in a typical modern lookup engine.

On Wed, 29 Sept 2021 at 04:10, Amir Herzberg <amir.lists () gmail com> wrote:
> Randy, great question. I'm teaching that it's very rarely, if ever, used (due to high potential for benign loss); 
> it's always great to be either confirmed or corrected...
>
> So if anyone replies just to Randy - pls cc me too (or, Randy, if you could sum up and send to list or me - thanks!)
>
> Amir
> --
> Amir Herzberg
>
> Comcast professor of Security Innovations, Computer Science and Engineering, University of Connecticut
> Homepage: https://sites.google.com/site/amirherzberg/home
> `Applied Introduction to Cryptography' textbook and lectures: 
> https://sites.google.com/site/amirherzberg/applied-crypto-textbook
>
>
>
>
> On Tue, Sep 28, 2021 at 8:50 PM Randy Bush <randy () psg com> wrote:
> > do folk use uPRF strict mode?  i always worried about the multi-homed
> > customer sending packets out the other way which loop back to me;  see
> > RFC 8704 §2.2
> >
> > do vendors implement the complexity of 8704; and, if so, do operators
> > use it?
> >
> > clue bat please
> >
> > randy



-- 
  ++ytti