nanog mailing list archives
Re: [External] Re: uPRF strict more
From: Mark Tinka <mark@tinka.africa>
Date: Thu, 30 Sep 2021 18:12:51 +0200
On 9/30/21 17:56, Hunter Fuller wrote:
On Thu, Sep 30, 2021 at 12:08 AM Mark Tinka <mark@tinka.africa> wrote:If you don't plan to run a full BGP table on a device, don't enable uRPF, even loose-mode.At least in Ciscoland, loose URPF checks will pass if you have a default route. So I do not think it could result in inadvertent blackholing of traffic. What it does allow is for *deliberate* blackholing for traffic; if you null-route a prefix, you now block incoming traffic from that subnet as well. This can be useful and it is how we are using URPF.
Agreed.I should have said "If you don't plan to run a full BGP table on a device without a default a route as well, don't enable uRPF, even loose-mode".
Principally, we don't run default on any of our service routers. Technically, we point default to the bin on all our service routers, as that's the fastest way for the router to handle illegal traffic it "could" receive.
Mark.
Current thread:
- RE: uPRF strict more, (continued)
- RE: uPRF strict more Jean St-Laurent via NANOG (Sep 29)
- Re: uPRF strict more brad dreisbach (Sep 29)
- RE: uPRF strict more Jean St-Laurent via NANOG (Sep 29)
- Message not available
- RE: uPRF strict more Jean St-Laurent via NANOG (Sep 29)
- Re: uPRF strict more Anoop Ghanwani (Sep 29)
- Re: uPRF strict more Mark Tinka (Sep 29)
- Re: uPRF strict more Baldur Norddahl (Sep 29)
- Re: uPRF strict more brad dreisbach (Sep 29)
- Re: uPRF strict more Mark Tinka (Sep 29)
- Re: [External] Re: uPRF strict more Hunter Fuller via NANOG (Sep 30)
- Re: [External] Re: uPRF strict more Mark Tinka (Sep 30)
- Re: [External] Re: uPRF strict more Valdis Klētnieks (Sep 30)
- Re: [External] Re: uPRF strict more Mark Tinka (Sep 30)
- Re: [External] Re: uPRF strict more Andrew Smith (Sep 30)
- Re: [External] Re: uPRF strict more Sabri Berisha (Sep 30)
- Re: [External] Re: uPRF strict more Saku Ytti (Sep 30)
- RE: [External] Re: uPRF strict more Brian Turnbow via NANOG (Sep 30)
- Re: uPRF strict more Mark Tinka (Sep 29)