nanog mailing list archives

Re: uPRF strict more

From: Mark Tinka <mark@tinka.africa>
Date: Wed, 29 Sep 2021 13:57:02 +0200



On 9/29/21 08:03, Saku Ytti wrote:

Vast majority of access ports are stubby, with no multihoming or
redundancy. And uRPF strict is indeed used often here, but answer very
rarely if ever applies for non-stubby port.

Having said that, I'm not convinced anyone should use uRPF at all.
Because you should already know what IP addresses are possible behind
the port, if you do, you can do ACL, and ACL is significantly lower
cost in PPS in a typical modern lookup engine.

I tend to agree that ACL's will cost less in the data plane. But theonly issue, if you feel either uRPF or ACL's are an option, is that forlarge customers who have tons of (especially dis-contiguous addressspace that they may not own), the potential for mistakes can happenwhere some space may either be missed, or incorrectly configured, whenACL's are a chosen alternative to uRPF.


Mark.

Current thread:

uPRF strict more Randy Bush (Sep 28)
- Re: uPRF strict more Amir Herzberg (Sep 28)
  - Re: uPRF strict more Saku Ytti (Sep 28)
    - Re: uPRF strict more Nick Hilliard (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
    - RE: uPRF strict more Brian Turnbow via NANOG (Sep 29)
    - Re: uPRF strict more Barry Greene (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
  - Re: uPRF strict more Blake Hudson (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
    - Re: uPRF strict more Blake Hudson (Sep 29)
    - Re: uPRF strict more Sabri Berisha (Sep 29)
    - Re: uPRF strict more Blake Hudson (Sep 30)
  - Re: uPRF strict more Adam Thompson (Sep 29)
    - Re: uPRF strict more Phil Bedard (Sep 29)
    - Re: uPRF strict more brad dreisbach (Sep 29)
    - RE: uPRF strict more Jean St-Laurent via NANOG (Sep 29)
    - Re: uPRF strict more brad dreisbach (Sep 29)

(Thread continues...)