different flavours of uRPF [RE: register.com down sev0?]

Barry Greene (bgreene) bgreene at cisco.com
Fri Oct 27 21:06:45 UTC 2006


 

> > Strict mode uRPF is likely to be implemented by performing a full 
> > forwarding table lookup and then comparing the packet's incoming 
> > interface to the interface from the forwarding table result.

uRPF uses the same lookup algorithm as you do when you look up the
destination address for next hop. 
 
> Pekka might have meant wouldn't you build a separate 'urpf 
> table' per interface perhaps? (just guessing at his intent) 
> though there is only one 'urpf table' which is the fib, right?

This is VRF Mode uRPF, where you configure the uRPF to check a separate
VRF (FIB). This decouples the policy table from the active forwarding
table - providing more flexibility - at the cost of memory. You can set
it to one of two modes - white list (if exists, pass) or black list (if
exists, drop). The white list is what SPs have been interested in since
you can fill the VRF with the prefixes from a peering partner/customer -
then ensure all source addressing coming from that customer matches the
BGP prefixes being sent. 
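
[Added example, not part of the original post and not vendor code.] The sketch below models the strict-mode check and the two VRF-mode policies from this thread as source-address lookups, and shows a case where the active FIB and the policy table disagree. The table contents, interface names, and function names are constructed for illustration, and a single best path per prefix is assumed (no ECMP).

```python
import ipaddress

def lpm(table, addr):
    """Longest-prefix match: value of the most specific prefix covering addr, else None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, value in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return best[1] if best else None

def strict_urpf(fib, src, in_if):
    """Strict mode: source lookup in the active FIB must resolve to the arrival interface."""
    return lpm(fib, src) == in_if

def vrf_urpf(policy_table, src, mode):
    """VRF mode: source lookup in a separate table; the mode decides what a hit means."""
    exists = lpm(policy_table, src) is not None
    if mode == "white":   # if exists, pass
        return exists
    if mode == "black":   # if exists, drop
        return not exists
    raise ValueError("mode must be 'white' or 'black'")

# Constructed sample data (documentation prefixes, hypothetical interface names).
# The customer is attached on ge0, but the active FIB prefers ge1 for its prefix.
ACTIVE_FIB = {"0.0.0.0/0": "ge2", "203.0.113.0/24": "ge1"}
CUSTOMER_VRF = {"203.0.113.0/24": "customer-bgp"}  # prefixes the customer sends in BGP
DENY_VRF = {"198.51.100.0/24": "blocked"}

def verdicts(src, in_if="ge0"):
    """True means the packet passes the check, False means it is dropped."""
    return {
        "strict": strict_urpf(ACTIVE_FIB, src, in_if),
        "vrf_white": vrf_urpf(CUSTOMER_VRF, src, "white"),
        "vrf_black": vrf_urpf(DENY_VRF, src, "black"),
    }

if __name__ == "__main__":
    for src in ("203.0.113.5", "198.51.100.7"):
        print(src, verdicts(src))
```

The legitimate customer source 203.0.113.5 fails strict mode on ge0 because the active FIB points elsewhere, yet passes the white list, which is the decoupling of policy table and forwarding table described above.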


