27 Oct
2006
27 Oct
'06
12:45 p.m.
On Fri, 27 Oct 2006, Tony Li wrote: > Pekka Savola wrote: > > On Thu, 26 Oct 2006, Tony Li wrote: > >>> It was possible to implement BCP38 before the router vendors > >>> came up with uRPF. > >> Further, uRPF is frequently a very inefficient means of implementing BCP > >> 38. Consider that you're going to either compare the source address > >> against a table of 200,000 routes or against a handful of prefixes that > >> you've statically configured in an ACL. > > > > Isn't that only a problem if you want to run a loose mode uRPF? > > Given that loose mode uRPF isn't very useful in most places where > > you'd like to do ingress filtering, this doesn't seem like a big > > issue.. > > Strict mode uRPF is likely to be implemented by performing a full > forwarding table lookup and then comparing the packet's incoming > interface to the interface from the forwarding table result. Pekka might have meant wouldn't you build a seperate 'urpf table' per interface perhaps? (just guessing at his intent) though there is only one 'urpf table' which is the fib, right?