Request comment: list of IPs to block outbound

• Previous message (by thread): Request comment: list of IPs to block outbound
• Next message (by thread): Request comment: list of IPs to block outbound
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 14 Oct 2019 at 09:30, Vincent Bernat <bernat at luffy.cx> wrote:

> How much performance impact should we expect with uRPF?

Depends on the platform, but often it's 2nd lookup. So potentially 50%
decrease in performance. Some platforms it means FIB duplication. And
ultimately it doesn't really offer anything over ACL, which is, in
comparison, much cheaper feature.
I would encourage people to toolise this, then the ACL generation is
no cost or complexity. And you can use ACL for many BGP customers too,
as you create 'perfect' prefix-list for customer, you can reference to
same prefix-list in ACL, without actually needing customer to announce
that prefix, as it's entirely valid to originate traffic from
allowable prefix without advertising the prefix (to you).





-- 
  ++ytti

• Previous message (by thread): Request comment: list of IPs to block outbound
• Next message (by thread): Request comment: list of IPs to block outbound
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]