nanog mailing list archives
Re: BCP38 For BGP Customers
From: Grant Taylor via NANOG <nanog () nanog org>
Date: Tue, 8 Nov 2022 22:08:03 -0700
On 11/8/22 1:01 PM, William Herrin wrote:
Hi Grant,
Hi Bill,
Two words: asymmetric routing.
ACK
Useful automated reverse path filtering can ONLY be used when there is exactly ONE valid path to which and from which packets can be received. This is where strict mode uRPF actually works.
This seems to be predicated on /strict/ uRPF enforcement.
As for loose mode, it's basically useless in a BCP38 discussion. Loose mode only filters bogons. It doesn't prevent impersonation of any IP address currently routed in the system and doesn't do anything at all on a router with a default route.
Okay. I didn't see how /loose/ uRPF could do any good save for the DFZ or other situation where there isn't a default route.
This thread has made me wonder if there isn't a need for a 3rd type of uRPF or comparable filtering wherein the incoming interface is a viable route in the RIB even if it's not the best route in the FIB.
Thank you for the explanation Bill. -- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: BCP38 For BGP Customers, (continued)
- Re: BCP38 For BGP Customers Joel Halpern (Nov 08)
- Re: [EXTERNAL] Re: BCP38 For BGP Customers Compton, Rich A (Nov 08)
- Re: [EXTERNAL] Re: BCP38 For BGP Customers Joel Halpern (Nov 08)
- Re: BCP38 For BGP Customers Jay R. Ashworth (Nov 08)
- Re: BCP38 For BGP Customers Grant Taylor via NANOG (Nov 08)
- Re: BCP38 For BGP Customers William Herrin (Nov 08)
- Re: BCP38 For BGP Customers Mike Hammett (Nov 08)
- Re: BCP38 For BGP Customers William Herrin (Nov 08)
- RE: BCP38 For BGP Customers Adam Thompson (Nov 22)
- Re: BCP38 For BGP Customers Grant Taylor via NANOG (Nov 08)
- Re: BCP38 For BGP Customers William Herrin (Nov 08)
- Re: BCP38 For BGP Customers Grant Taylor via NANOG (Nov 10)
- Re: BCP38 For BGP Customers William Herrin (Nov 10)
- Re: BCP38 For BGP Customers Jared Mauch (Nov 10)