North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: different flavours of uRPF [RE: register.com down sev0?]
- From: Chris L. Morrow
- Date: Fri Oct 27 12:53:59 2006
On Fri, 27 Oct 2006, Tony Li wrote:
> Pekka Savola wrote:
> > On Thu, 26 Oct 2006, Tony Li wrote:
> >>> It was possible to implement BCP38 before the router vendors
> >>> came up with uRPF.
> >> Further, uRPF is frequently a very inefficient means of implementing BCP
> >> 38. Consider that you're going to either compare the source address
> >> against a table of 200,000 routes or against a handful of prefixes that
> >> you've statically configured in an ACL.
> >
> > Isn't that only a problem if you want to run a loose mode uRPF?
> > Given that loose mode uRPF isn't very useful in most places where
> > you'd like to do ingress filtering, this doesn't seem like a big
> > issue..
>
> Strict mode uRPF is likely to be implemented by performing a full
> forwarding table lookup and then comparing the packet's incoming
> interface to the interface from the forwarding table result.
Pekka might have meant wouldn't you build a seperate 'urpf table' per
interface perhaps? (just guessing at his intent) though there is only one
'urpf table' which is the fib, right?
|
