|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical different flavours of uRPF [RE: register.com down sev0?]
On Thu, 26 Oct 2006, Tony Li wrote: > > It was possible to implement BCP38 before the router vendors > > came up with uRPF. > > Further, uRPF is frequently a very inefficient means of implementing BCP > 38. Consider that you're going to either compare the source address > against a table of 200,000 routes or against a handful of prefixes that > you've statically configured in an ACL. Isn't that only a problem if you want to run a loose mode uRPF? Given that loose mode uRPF isn't very useful in most places where you'd like to do ingress filtering, this doesn't seem like a big issue.. BTW, I still keep wondering why Cisco hasn't implemented something like Juniper's feasible-path strict uRPF. Works quite well with multihomed and asymmetric routing as well -- no need to fiddle with communities, BGP weights etc. to ensure symmetry. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
|