nanog mailing list archives
Re: uPRF strict more
From: Nick Hilliard <nick () foobar org>
Date: Wed, 29 Sep 2021 10:12:32 +0100
Saku Ytti wrote on 29/09/2021 07:03:
Having said that, I'm not convinced anyone should use uRPF at all. Because you should already know what IP addresses are possible behind the port, if you do, you can do ACL, and ACL is significantly lower cost in PPS in a typical modern lookup engine.
urpf has its place if your network config build processes aren't automated to the point that it's no longer necessary. It would be a net security loss to the internet not to have it widely implemented on access devices.
Nick
Current thread:
- uPRF strict more Randy Bush (Sep 28)
- Re: uPRF strict more Amir Herzberg (Sep 28)
- Re: uPRF strict more Saku Ytti (Sep 28)
- Re: uPRF strict more Nick Hilliard (Sep 29)
- Re: uPRF strict more Mark Tinka (Sep 29)
- RE: uPRF strict more Brian Turnbow via NANOG (Sep 29)
- Re: uPRF strict more Barry Greene (Sep 29)
- Re: uPRF strict more Saku Ytti (Sep 28)
- Re: uPRF strict more Mark Tinka (Sep 29)
- Re: uPRF strict more Amir Herzberg (Sep 28)
- Re: uPRF strict more Blake Hudson (Sep 29)
- Re: uPRF strict more Mark Tinka (Sep 29)
- Re: uPRF strict more Blake Hudson (Sep 29)
- Re: uPRF strict more Sabri Berisha (Sep 29)
- Re: uPRF strict more Blake Hudson (Sep 30)