North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: different flavours of uRPF [RE: register.com down sev0?]

  • From: Tony Li
  • Date: Fri Oct 27 11:39:37 2006


Pekka Savola wrote:
> On Thu, 26 Oct 2006, Tony Li wrote:
>>> It was possible to implement BCP38 before the router vendors 
>>> came up with uRPF.
>> Further, uRPF is frequently a very inefficient means of implementing BCP
>> 38.  Consider that you're going to either compare the source address
>> against a table of 200,000 routes or against a handful of prefixes that
>> you've statically configured in an ACL.
> 
> Isn't that only a problem if you want to run a loose mode uRPF?  
> Given that loose mode uRPF isn't very useful in most places where 
> you'd like to do ingress filtering, this doesn't seem like a big 
> issue..

Strict mode uRPF is likely to be implemented by performing a full
forwarding table lookup and then comparing the packet's incoming
interface to the interface from the forwarding table result.

Tony