15 Oct
2020
15 Oct
'20
10:46 a.m.
From: Saku Ytti <saku@ytti.fi> Sent: Thursday, October 15, 2020 3:30 PM
On Thu, 15 Oct 2020 at 17:22, Tim Durack <tdurack@gmail.com> wrote:
We deploy urpf strict on all customer end-host and broadband circuits. In this scenario urpf = ingress acl I don't have to think about.
But you have to think about what prefixes a customer has. If BGP you need to generate prefix-list, if static you need to generate a static route. As you already have to know and manage this information, what is the incremental cost to also emit an ACL?
Actually ideally there would be a feature/knob to automatically sync BGP (and static routes) with packet filters. adam