uPRF strict more

Mark Tinka mark at tinka.africa
Wed Sep 29 11:57:02 UTC 2021



On 9/29/21 08:03, Saku Ytti wrote:

> Vast majority of access ports are stubby, with no multihoming or
> redundancy. And uRPF strict is indeed used often here, but answer very
> rarely if ever applies for non-stubby port.
>
> Having said that, I'm not convinced anyone should use uRPF at all.
> Because you should already know what IP addresses are possible behind
> the port, if you do, you can do ACL, and ACL is significantly lower
> cost in PPS in a typical modern lookup engine.

I tend to agree that ACLs will cost less in the data plane. But the
only issue, if you feel either uRPF or ACLs are an option, is that for
large customers who have tons of (especially discontiguous) address
space that they may not own, the potential for mistakes can happen
where some space may either be missed, or incorrectly configured, when
ACLs are a chosen alternative to uRPF.

Mark.
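
The failure mode raised in the message above (space missed from, or incorrectly entered in, a hand-maintained ACL) can be checked mechanically by diffing the ACL against the prefixes routed toward the port. This is an added example, not part of the original post: the function names are hypothetical, the prefixes are constructed documentation ranges, and it assumes both lists can be exported as text and that each call handles a single address family.

```python
import ipaddress

def _subtract(nets, holes):
    """Return the parts of `nets` not covered by any network in `holes`."""
    remaining = list(nets)
    for hole in holes:
        kept = []
        for net in remaining:
            if not net.overlaps(hole):
                kept.append(net)                      # untouched by this hole
            elif net.subnet_of(hole):
                continue                              # fully covered
            else:
                kept.extend(net.address_exclude(hole))  # hole lies inside net
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def audit_acl(routed, acl_permits):
    """Diff the prefixes routed toward a customer port against the source
    prefixes the ingress ACL permits.

    missed: routed space the ACL would drop (customer traffic blackholed)
    extra:  permitted space with no route via the port (spoofable sources)
    """
    routed_nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in routed))
    acl_nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in acl_permits))
    return _subtract(routed_nets, acl_nets), _subtract(acl_nets, routed_nets)

# Constructed sample data: a customer with discontiguous space.
ROUTED = ["192.0.2.0/24", "198.51.100.0/25", "203.0.113.64/26"]
# Constructed ACL with two typical slips: a /26 typed for a /25,
# and a whole /24 permitted where only a /26 is routed.
ACL_PERMITS = ["192.0.2.0/24", "198.51.100.0/26", "203.0.113.0/24"]

if __name__ == "__main__":
    missed, extra = audit_acl(ROUTED, ACL_PERMITS)
    for net in missed:
        print(f"MISSED (routed, not permitted): {net}")
    for net in extra:
        print(f"EXTRA  (permitted, not routed): {net}")
```
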

