uPRF strict more

Nick Hilliard nick at foobar.org
Wed Sep 29 09:12:32 UTC 2021


Saku Ytti wrote on 29/09/2021 07:03:
> Having said that, I'm not convinced anyone should use uRPF at all.
> Because you should already know what IP addresses are possible behind
> the port, if you do, you can do ACL, and ACL is significantly lower
> cost in PPS in a typical modern lookup engine.

uRPF has its place if your network config build processes aren't 
automated to the point that it's no longer necessary.  It would be a net 
security loss to the internet not to have it widely implemented on 
access devices.

Nick

