uPRF strict more
Nick Hilliard
nick at foobar.org
Wed Sep 29 09:12:32 UTC 2021
Saku Ytti wrote on 29/09/2021 07:03:
> Having said that, I'm not convinced anyone should use uRPF at all.
> Because you should already know what IP addresses are possible behind
> the port, if you do, you can do ACL, and ACL is significantly lower
> cost in PPS in a typical modern lookup engine.
uRPF has its place if your network config build processes aren't
automated to the point that it's no longer necessary. It would be a net
security loss to the internet not to have it widely implemented on
access devices.
Nick
More information about the NANOG
mailing list