Re: BCP38 Deployment

[Joe Provo <nanog-post () rsuc gweep net>]

On Thu, Mar 29, 2012 at 07:31:26PM -0400, Jon Lewis wrote:
> On Thu, 29 Mar 2012, Joe Provo wrote:
>
> > uRFP was a trivial, 0-impact feature on the cisco VXR-based CMTS
> > platform. Assert a simple statement in the default config (along
> > with 'ips classless' and all your other standard config elements)
>
> uRPF: or as it's now used in ios,
> ip verify unicast source reachable-via rx ...
>
> I don't know what it would have to do with ip classless.  

Stated to counter 'config is hard' as there junk you have to do
regardless. Add it to your standard specs and be done.

> uRPF stops your customers from sending forged source address 
> packets.  Since forged source address packets are rarely traced back to 
> their actual source, I'm not sure how configuring it on your network would 
> reduce your abuse desk workload at all.

Guess we had better informed neighbors? :-) You caught the 
rhetoric; the cost was that trivial.
 

-- 
         RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NewNOG