[External] Re: uPRF strict more

Brian Turnbow b.turnbow at twt.it
Thu Sep 30 16:31:30 UTC 2021


Hi 

> 
> > What it does allow is for *deliberate* blackholing for traffic; if you
> > null-route a prefix, you now block incoming traffic from that subnet
> > as well. This can be useful and it is how we are using URPF.
> 
> I don't think it is implied here, but just for clarification this is implementation
> detail. Loose and blackhole route does not imply this behaviour, It might, it
> might not, depending on vendor/implementation.
> JunOS by default considers null route as loose path satisfied, and you need
> 'set forwarding-options rpf-loose-mode-discard family X' to behave like you
> explain.

Yes even in cisco land for Ios XR SBRTBH you need set next-hop discard in route policy.
You cannot use recursive lookup to null in urpf

Brian


More information about the NANOG mailing list