<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    As an eyeball network operator (Cable, DSL, Fiber) we use uRPF
    strict mode on customer facing ports on the BRAS gear. Our access
    gear also tends to include source address verification via DHCP
    snooping (as well as limits on the number of DHCP leases and/or MAC
    addresses each customer is allowed) so there are a couple layers of
    protection.<br>
    <br>
    I do not use uRPF on upstream/transit/IX links or with multi-homed
    customers - or anywhere else where traffic could be asymmetrical; I
    prefer to use stateless ACLs at these locations.<br>
    <br>
    <br>
    <div class="moz-signature"><br>
    </div>
    <div class="moz-cite-prefix">On 9/28/2021 8:06 PM, Amir Herzberg
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAHBw0M-T-vRbkhDjy_6ypEMTUgtrAt6iqKbB4BO7hfWFB75nGQ@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">Randy, great question. I'm teaching that it's very
        rarely, if ever, used (due to high potential for benign loss);
        it's always great to be either confirmed or corrected... 
        <div><br>
        </div>
        <div>So if anyone replies just to Randy - pls cc me too (or,
          Randy, if you could sum up and send to list or me - thanks!)</div>
        <div><br>
        </div>
        <div>Amir<br clear="all">
          <div>
            <div dir="ltr" class="gmail_signature"
              data-smartmail="gmail_signature">
              <div dir="ltr">
                <div dir="ltr">-- <br>
                  <div>Amir Herzberg<br>
                  </div>
                  <div><br>
                  </div>
                  <div>Comcast professor of Security Innovations,
                    Computer Science and Engineering, University of
                    Connecticut</div>
                  <div>Homepage: <a
                      href="https://sites.google.com/site/amirherzberg/home"
                      target="_blank" moz-do-not-send="true">https://sites.google.com/site/amirherzberg/home</a></div>
                  <div>`Applied Introduction to Cryptography' textbook
                    and lectures:<a
href="https://sites.google.com/site/amirherzberg/applied-crypto-textbook"
                      target="_blank" moz-do-not-send="true"> https://sites.google.com/site/amirherzberg/applied-crypto-textbook</a></div>
                  <div><br>
                  </div>
                  <br>
                </div>
              </div>
            </div>
          </div>
          <br>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Tue, Sep 28, 2021 at 8:50
          PM Randy Bush <<a href="mailto:randy@psg.com"
            moz-do-not-send="true">randy@psg.com</a>> wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">do
          folk use uPRF strict mode?  i always worried about the
          multi-homed<br>
          customer sending packets out the other way which loop back to
          me;  see<br>
          RFC 8704 §2.2<br>
          <br>
          do vendors implement the complexity of 8704; and, if so, do
          operators<br>
          use it?<br>
          <br>
          clue bat please<br>
          <br>
          randy<br>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </body>
</html>