BCP38 Deployment

• Previous message (by thread): BCP38 Deployment
• Next message (by thread): BCP38 Deployment
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 29 Mar 2012, Joe Provo wrote:

> uRFP was a trivial, 0-impact feature on the cisco VXR-based CMTS
> platform. Assert a simple statement in the default config (along
> with 'ips classless' and all your other standard config elements)

uRPF: or as it's now used in ios,
ip verify unicast source reachable-via rx ...

I don't know what it would have to do with ip classless.  It requires ip 
cef, but so do lots of other "features" including reasonably fast packet 
forwarding.

> and job done. It assisted in reducing our abuse desk workload by
> eliminating a class of attacks from us, so the trivial "cost" was
> worth it in opex. ISTR it being on the required feature list for
> additional CMTS evaluations but it has been many years since I
> touched that kit.

uRPF stops your customers from sending forged source address 
packets.  Since forged source address packets are rarely traced back to 
their actual source, I'm not sure how configuring it on your network would 
reduce your abuse desk workload at all.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

• Previous message (by thread): BCP38 Deployment
• Next message (by thread): BCP38 Deployment
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]