uPRF strict more
Mark Tinka
mark at tinka.africa
Wed Sep 29 12:01:33 UTC 2021
On 9/29/21 11:12, Nick Hilliard wrote:
>
> urpf has its place if your network config build processes aren't
> automated to the point that it's no longer necessary. It would be a
> net security loss to the internet not to have it widely implemented on
> access devices.
As little as 12 months ago, many vendors either had no or a delayed
roadmap to support uRPF due to lack of support on usually Broadcom
chips, or just a lack of interest in developing code if the Broadcom
chip they had supported it.
This was typically the case for new vendors entering the game, or
existing ones who were starting to build a merchant chip product line.
I had this issue with Nokia's new IXR line last year. I think they may
have implemented it on some of their boxes, but not sure yet.
Mark.
More information about the NANOG
mailing list