nanog mailing list archives
RE: [External] Re: uPRF strict more
From: Brian Turnbow via NANOG <nanog () nanog org>
Date: Thu, 30 Sep 2021 16:31:30 +0000
Hi
What it does allow is for *deliberate* blackholing for traffic; if you null-route a prefix, you now block incoming traffic from that subnet as well. This can be useful and it is how we are using URPF.

I don't think it is implied here, but just for clarification this is implementation detail. Loose and blackhole route does not imply this behaviour. It might, it might not, depending on vendor/implementation. JunOS by default considers null route as loose path satisfied, and you need 'set forwarding-options rpf-loose-mode-discard family X' to behave like you explain.
Yes, even in Cisco land, for IOS XR SBRTBH you need set next-hop discard in route policy. You cannot use recursive lookup to null in uRPF.

Brian