BCP38 For BGP Customers
Grant Taylor
gtaylor at tnetconsulting.net
Wed Nov 9 05:08:03 UTC 2022
On 11/8/22 1:01 PM, William Herrin wrote:
> Hi Grant,
Hi Bill,
> Two words: asymmetric routing.
ACK
> Useful automated reverse path filtering can ONLY be used when there
> is exactly ONE valid path to which and from which packets can be
> received. This is where strict mode uRPF actually works.
This seems to be predicated on /strict/ uRPF enforcement.
> As for loose mode, it's basically useless in a BCP38 discussion. Loose
> mode only filters bogons. It doesn't prevent impersonation of any
> IP address currently routed in the system and doesn't do anything at
> all on a router with a default route.
Okay. I didn't see how /loose/ uRPF could do any good save for the DFZ
or other situation where there isn't a default route.
This thread has made me wonder if there isn't a need for a 3rd type of
uRPF or comparable filtering wherein the incoming interface is a viable
route in the RIB even if it's not the best route in the FIB.
Thank you for the explanation Bill.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20221108/54b6abdb/attachment.bin>
More information about the NANOG
mailing list