On Mon, 14 Oct 2019 at 09:30, Vincent Bernat <bernat@luffy.cx> wrote:
How much performance impact should we expect with uRPF?
Depends on the platform, but often it's 2nd lookup. So potentially 50% decrease in performance. Some platforms it means FIB duplication. And ultimately it doesn't really offer anything over ACL, which is, in comparison, much cheaper feature. I would encourage people to toolise this, then the ACL generation is no cost or complexity. And you can use ACL for many BGP customers too, as you create 'perfect' prefix-list for customer, you can reference to same prefix-list in ACL, without actually needing customer to announce that prefix, as it's entirely valid to originate traffic from allowable prefix without advertising the prefix (to you). -- ++ytti