nanog mailing list archives

Re: uPRF strict more


From: Barry Greene <bgreene () senki org>
Date: Wed, 29 Sep 2021 20:09:13 +0800


uRPF Strict mode was always supposed to be a widget for source address validation (SAV). Just like DHCP Lease Query (DOCSIS), 
the TR-69 ACLs, general ACLs, and other vendor-specific widgets. Like all widgets, there are places where it works and 
other places where it does not. The key principle is to deploy on the customer - provider edge (with provider = to ISPs, 
CSPs and cloud providers). 

Which widget you select is an engineering decision. As Saku points out, some vendors' PPS with uRPF is worse than with 
simple ACLs. But then the PPS hit might be OK if uRPF Strict mode cuts down the operational logistics of maintaining the 
customer ACLs. No right or wrong, just engineering choices for SAV deployment.
