BCP 38 addendum

Fabien VINCENT (NaNOG) list-nanog at beufa.net
Tue Mar 6 21:16:54 UTC 2018


On 2018-03-06 19:39, Barry Greene wrote:

>> On Mar 2, 2018, at 1:53 PM, Fabien VINCENT (NaNOG) <list-nanog at beufa.net> wrote: 
>> Hope one day the 3rd mode of uRPF will be something else than a plan ...
>> uRPF is not very useful when multi homed. And as far as I know, multi
>> homed networks are increasing as fast as PNI development ;)
> 
> This was working microcode code when I left in 2008. Several operators tested, but none deployed (no pushing or pulling).

Yep, but I only saw references to it, and no real CLI implementation
(especially on Cisco), so I guess it's not a killer feature to sell
routers ;)

In 2005:
https://www.cisco.com/c/dam/en_us/about/security/intelligence/urpf.pdf 

"A third phase is currently under way that will create a way to have
strict enforcement of the uRPF check on individual ISP-ISP edges. Here,
external BGP (eBGP) peer sessions will send specific prefixes to a
dedicated Virtual routing and forwarding (VRF) table. This will allow
uRPF to query the VRF table that contains all the routes for that
specific eBGP peering session over the interface, thus verifying
(authorizing) the source addresses of packets matching the advertised
routes from the peered ISP" 

That's obviously not so sexy, but I guess the problem is hardware
performance, as the preferred method should be to have a look at the BGP
tables, and uRPF is done at the FIB / ASIC level. Sadly, it seems not
possible, right?

-- 
FABIEN VINCENT 
_ at beufanet_
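
The difference between strict uRPF and the per-peer check described in the quoted 2005 Cisco text, for a multihomed prefix, as an added example that is not part of the original message and is not Cisco's implementation. Peer names and prefixes are constructed; documentation address ranges are used.

```python
import ipaddress

# Constructed sample data (documentation prefixes, hypothetical peer names).
# Prefixes each eBGP peer advertised to us: the per-session table that the
# quoted "third phase" would query instead of the global FIB.
PEER_ROUTES = {
    "peerA": ["198.51.100.0/24", "203.0.113.0/24"],
    "peerB": ["198.51.100.0/24"],
}
# Best-path selection result: the FIB keeps one egress peer per prefix.
FIB = {"198.51.100.0/24": "peerB", "203.0.113.0/24": "peerA"}


def _lpm(src, prefixes):
    """Longest-prefix match of src against an iterable of prefix strings."""
    addr = ipaddress.ip_address(src)
    hits = [ipaddress.ip_network(p) for p in prefixes
            if addr in ipaddress.ip_network(p)]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None


def strict_urpf(src, ingress_peer):
    """Strict mode: the FIB best path back to src must be the ingress peer."""
    match = _lpm(src, FIB)
    return match is not None and FIB[match] == ingress_peer


def per_peer_urpf(src, ingress_peer):
    """Per-peer mode: src must fall within a prefix that peer advertised."""
    return _lpm(src, PEER_ROUTES.get(ingress_peer, [])) is not None


def compare(packets):
    """Return (src, peer, strict_ok, per_peer_ok) for each packet."""
    return [(s, p, strict_urpf(s, p), per_peer_urpf(s, p)) for s, p in packets]


if __name__ == "__main__":
    sample = [
        ("198.51.100.10", "peerA"),  # multihomed: valid, but best path is peerB
        ("198.51.100.10", "peerB"),
        ("203.0.113.5", "peerB"),    # peerB never advertised this prefix
        ("192.0.2.1", "peerA"),      # nobody advertised this prefix
    ]
    for row in compare(sample):
        print("src=%s in=%s strict=%s per-peer=%s" % row)
```

The first sample packet is the multihomed case from the thread: strict mode drops it because the best path points at the other peer, while the per-peer table accepts it and still rejects sources the peer never announced.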

