Partial vs Full tables

William Herrin bill at
Thu Jun 11 16:17:31 UTC 2020

On Thu, Jun 11, 2020 at 9:08 AM brad dreisbach <bradd at> wrote:
> uRPF absolutely kills the pps performance or your hardware due to the packet
> having to be recirculated to do the check(at least this is the case on every
> platform that ive ever tested it on). use acl's to protect your edge.

Hi Brad,

Don't the ACLs generally live in a partition of the TCAM too? So
you're going from two constant-time TCAM lookups per packet (route,
acls) to three (route, urpf, acls)? Not rhetorical; getting close to
the edge of my knowledge here.

Bill Herrin

William Herrin
bill at

More information about the NANOG mailing list