uPRF strict more

Mark Tinka mark at tinka.africa
Wed Sep 29 14:27:33 UTC 2021



On 9/29/21 16:21, Blake Hudson wrote:

> I do not use uRPF on upstream/transit/IX links or with multi-homed 
> customers - or anywhere else where traffic could be asymmetrical; I 
> prefer to use stateless ACLs at these locations.

On peering and transit routers, on ports facing the remote side, we 
apply ACL's to drop traffic inbound from reserved space, as well as our 
own (as we shouldn't see it coming in from the outside).

It's amazing how many matches we see, for all space, both IPv4 and IPv6. 
Tells just how open some of the "major" networks are :-).

Mark.


More information about the NANOG mailing list