17 Aug
2017
17 Aug
'17
9:11 a.m.
On Thu, Aug 17, 2017 at 7:35 AM, Mike Hammett <nanog@ics-il.net> wrote:
Strict vs. loose.
Hi Mike, Doesn't loose mode URPF allow packets from anything that exists in the routing table regardless of source? Seems just about worthless. You're allowing the site to spoof anything in the routing table which is NOT BCP38. Strict mode URPF down paths guaranteed to be single-homed. Manually configure allowed sources and announcements for BGP-talking customers. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>