nanog mailing list archives

Re: uPRF strict more


From: brad dreisbach <bradd () us ntt net>
Date: Wed, 29 Sep 2021 17:59:03 -0400

On Wed, Sep 29, 2021 at 11:38:19PM +0200, Baldur Norddahl wrote:
> On Wed, 29 Sept 2021 at 22:07, Jean St-Laurent via NANOG <nanog () nanog org>
> wrote:
>
>> Thanks a lot for sharing.
>>
>> So 100 Gbps at line rate with 80B frames is about ~150 Mpps.
>>
>> 100 Gbps at line rate with 208B frames is about ~60 Mpps.
>>
>> It's a significant penalty.
>
>
> Full rate small packets would be an attack of some kind and could only
> realistically arrive at your transit and peering ports. The customers
> usually have slower (relatively) ports and a single customer could not
> produce a rate of small packets that would be a concern. Therefore uRPF at
> customer ports should not be a problem in this regard.

every network is different of course, and admittedly i am a couple generations
of hw from having tested this. the problem was indeed exacerbated by also
having a ddos scrubbing service, but i still encourage my competitors to run
urpf.

-b


> Regards,
>
> Baldur

