nanog mailing list archives
Re: [External] Re: uPRF strict more
From: Sabri Berisha <sabri () cluecentral net>
Date: Thu, 30 Sep 2021 10:27:47 -0700 (PDT)
----- On Sep 30, 2021, at 9:13 AM, Andrew Smith andrew.william.smith () gmail com wrote: Hi,
In Ciscoland, you do have to explicitly state that the default route is eligible for URPF verification, otherwise you'll get unexpected traffic drops.
ip verify unicast source reachable-via any allow-default
Customer: We need a way to prevent spoofing. Dev: Sure, I created a new feature: "ip verify unicast" Customer: We're dropping legitimate traffic! Dev: Oops, sorry about that. Here, a new feature: "ip verify unicast source reachable-via any" Customer: But but but, we don't have a full BGP table! Dev: Oh well... <clickety-click> "ip very unicast source reachable via any allow-default" Thanks, Sabri
Current thread:
- Re: uPRF strict more, (continued)
- Re: uPRF strict more Anoop Ghanwani (Sep 29)
- Re: uPRF strict more Mark Tinka (Sep 29)
- Re: uPRF strict more Baldur Norddahl (Sep 29)
- Re: uPRF strict more brad dreisbach (Sep 29)
- Re: uPRF strict more Mark Tinka (Sep 29)
- Re: [External] Re: uPRF strict more Hunter Fuller via NANOG (Sep 30)
- Re: [External] Re: uPRF strict more Mark Tinka (Sep 30)
- Re: [External] Re: uPRF strict more Valdis Klētnieks (Sep 30)
- Re: [External] Re: uPRF strict more Mark Tinka (Sep 30)
- Re: [External] Re: uPRF strict more Andrew Smith (Sep 30)
- Re: [External] Re: uPRF strict more Sabri Berisha (Sep 30)
- Re: [External] Re: uPRF strict more Saku Ytti (Sep 30)
- RE: [External] Re: uPRF strict more Brian Turnbow via NANOG (Sep 30)
- Re: uPRF strict more Mark Tinka (Sep 29)