nanog mailing list archives

Re: [External] Re: uPRF strict more

From: Saku Ytti <saku () ytti fi>
Date: Thu, 30 Sep 2021 19:21:13 +0300

On Thu, 30 Sept 2021 at 19:00, Hunter Fuller via NANOG <nanog () nanog org> wrote:

What it does allow is for *deliberate* blackholing for traffic; if you
null-route a prefix, you now block incoming traffic from that subnet
as well. This can be useful and it is how we are using URPF.


I don't think it is implied here, but just for clarification this is
implementation detail. Loose and blackhole route does not imply this
behaviour, It might, it might not, depending on vendor/implementation.
JunOS by default considers null route as loose path satisfied, and you
need 'set forwarding-options rpf-loose-mode-discard family X' to
behave like you explain.

-- 
  ++ytti

Current thread:

Re: uPRF strict more, (continued)
- - - Re: uPRF strict more Mark Tinka (Sep 29)
    - Re: uPRF strict more Baldur Norddahl (Sep 29)
    - Re: uPRF strict more brad dreisbach (Sep 29)
    - Re: uPRF strict more Mark Tinka (Sep 29)
    - Re: [External] Re: uPRF strict more Hunter Fuller via NANOG (Sep 30)
    - Re: [External] Re: uPRF strict more Mark Tinka (Sep 30)
    - Re: [External] Re: uPRF strict more Valdis Klētnieks (Sep 30)
    - Re: [External] Re: uPRF strict more Mark Tinka (Sep 30)
    - Re: [External] Re: uPRF strict more Andrew Smith (Sep 30)
    - Re: [External] Re: uPRF strict more Sabri Berisha (Sep 30)
    - Re: [External] Re: uPRF strict more Saku Ytti (Sep 30)
    - RE: [External] Re: uPRF strict more Brian Turnbow via NANOG (Sep 30)
    - Re: uPRF strict more Mark Tinka (Sep 29)
- Re: uPRF strict more Mark Tinka (Sep 29)
- Re: uPRF strict more John Kristoff (Sep 29)