On Wed, Dec 3, 2025 at 8:32 PM Frank Habicht via NANOG <nanog@lists.nanog.org> wrote:
if you're a customer, using only my PA space, and multihomed: I'll do BGP with you -- you can be AS64512. I'll do strict uRPF with a fail-filter allowing all my PA space sourced by you.
Is there a problem with that?
Most likely, yes there is.
I can drop my announcement without dropping the BGP session. There are lots of reasons to do so. agreed. If you're doing strict URPF, you'll start blackholeing packets I send to you on the link based on the routes you're still sending to me, even though they're from the address space you assigned to me. my "with a fail-filter allowing" above meant
On 12/4/2025 4:19 PM, William Herrin wrote: the $J-speak "rpf-check fail-filter <filter>" - which will allow this.
URPF will show the return route transiting the other link.
It's even more dicey if the multihoming isn't two links with you but rather a link with you and another with someone else.
my "using only my PA space" condition should still prevent undesired discards of packets on my part. Frank