uPRF strict more
Mark Tinka
mark at tinka.africa
Wed Sep 29 11:57:02 UTC 2021
On 9/29/21 08:03, Saku Ytti wrote:
> Vast majority of access ports are stubby, with no multihoming or
> redundancy. And uRPF strict is indeed used often here, but answer very
> rarely if ever applies for non-stubby port.
>
> Having said that, I'm not convinced anyone should use uRPF at all.
> Because you should already know what IP addresses are possible behind
> the port, if you do, you can do ACL, and ACL is significantly lower
> cost in PPS in a typical modern lookup engine.

I tend to agree that ACLs will cost less in the data plane. But the
only issue, if you feel either uRPF or ACLs are an option, is that for
large customers who have tons of (especially discontiguous address
space that they may not own), the potential for mistakes can happen
where some space may either be missed, or incorrectly configured, when
ACLs are a chosen alternative to uRPF.

Mark.
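
Added example, not part of the original post: one way to catch the ACL mistakes described above is to diff the ingress source-address ACL against the prefixes the customer is expected to source from. The function names and the sample prefixes (documentation ranges) are constructed for illustration.

```python
import ipaddress

def _collapse(nets):
    """Merge adjacent/overlapping networks, IPv4 first, then IPv6."""
    nets = list(nets)
    out = []
    for version in (4, 6):
        out.extend(ipaddress.collapse_addresses(n for n in nets if n.version == version))
    return out

def _subtract(nets, holes):
    """Return the parts of `nets` not covered by any network in `holes`."""
    remaining = list(nets)
    for hole in holes:
        kept = []
        for net in remaining:
            if net.version != hole.version or not net.overlaps(hole):
                kept.append(net)                      # untouched by this hole
            elif net.subnet_of(hole):
                continue                              # fully covered
            else:
                kept.extend(net.address_exclude(hole))  # hole lies strictly inside net
        remaining = kept
    return [str(n) for n in _collapse(remaining)]

def audit_ingress_acl(customer_prefixes, acl_permits):
    """Compare ACL permit entries with the customer's expected source space.

    Returns (missed, excess):
      missed: customer space the ACL does not permit (legitimate traffic dropped)
      excess: permitted space that is not the customer's (spoofing left open)
    """
    customer = _collapse(ipaddress.ip_network(p) for p in customer_prefixes)
    permits = _collapse(ipaddress.ip_network(p) for p in acl_permits)
    return _subtract(customer, permits), _subtract(permits, customer)

# Constructed sample: a customer with discontiguous space and a hand-written ACL.
CUSTOMER = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/25", "2001:db8:100::/48"]
ACL = ["192.0.2.0/24", "198.51.100.0/25", "203.0.113.0/24"]  # wrong mask, too wide, no IPv6

if __name__ == "__main__":
    missed, excess = audit_ingress_acl(CUSTOMER, ACL)
    print("missed by ACL:", missed)
    print("excess in ACL:", excess)
```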