Cogent BCP-38

William Herrin bill at herrin.us
Thu Aug 17 13:11:05 UTC 2017


On Thu, Aug 17, 2017 at 7:35 AM, Mike Hammett <nanog at ics-il.net> wrote:

> Strict vs. loose.
>

Hi Mike,

Doesn't loose mode URPF allow packets from anything that exists in the
routing table regardless of source? Seems just about worthless. You're
allowing the site to spoof anything in the routing table which is NOT
BCP38.

Strict mode URPF down paths guaranteed to be single-homed. Manually
configure allowed sources and announcements for BGP-talking customers.

Regards,
Bill Herrin

-- 
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>



More information about the NANOG mailing list