nanog mailing list archives

Re: uPRF strict more

From: Nick Hilliard <nick () foobar org>
Date: Wed, 29 Sep 2021 10:12:32 +0100

Saku Ytti wrote on 29/09/2021 07:03:

Having said that, I'm not convinced anyone should use uRPF at all.
Because you should already know what IP addresses are possible behind
the port, if you do, you can do ACL, and ACL is significantly lower
cost in PPS in a typical modern lookup engine.

urpf has its place if your network config build processes aren'tautomated to the point that it's no longer necessary. It would be a netsecurity loss to the internet not to have it widely implemented onaccess devices.


Nick

Current thread:

uPRF strict more Randy Bush (Sep 28)
- Re: uPRF strict more Amir Herzberg (Sep 28)
  - Re: uPRF strict more Saku Ytti (Sep 28)
    - Re: uPRF strict more Nick Hilliard (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
    - RE: uPRF strict more Brian Turnbow via NANOG (Sep 29)
    - Re: uPRF strict more Barry Greene (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
  - Re: uPRF strict more Blake Hudson (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
    - Re: uPRF strict more Blake Hudson (Sep 29)
    - Re: uPRF strict more Sabri Berisha (Sep 29)
    - Re: uPRF strict more Blake Hudson (Sep 30)
  - Re: uPRF strict more Adam Thompson (Sep 29)

(Thread continues...)