On Tue, Oct 13, 2020 at 05:49:42PM -0500, Brian Knight via NANOG wrote:
Hi Mel,
My understanding of uRPF is:
* Strict mode will permit a packet only if there is a route for the source IP in the RIB, and that route points to the interface where the packet was received
* Loose mode will permit a packet if there is a route for the source IP in the RIB. It does not matter where the route is pointed.
Strict mode won't work for us, because with our multi-homed transits and IX peers, we will almost certainly drop a legitimate packet because the best route is through another transit.
Loose mode won't work for us, because all of our own prefixes are in our RIB, and thus the uRPF check on a transit would never block anything.
You'll be surprised at the garbage you would drop that you can't return. - Jared