On Mon, Aug 05, 2002 at 11:59:04PM +0800, Barry Raveendran Greene wrote:
> We already have BCP 38, which strongly recommends packet filtering on the customer-ISP edge. There are now two major vendors who have strict mode uRPF. This covers 80% of the BCP 38 packet filtering on the customer-ISP edge. With a few BGP config tweaks, strict mode uRPF can cover a lot of the last 20% (all those multihomed customers).
Except vendor J doesn't spend much time at the customer edge, and vendor F seems to think that you should do per-interface RPF with ACLs. Also, vendor J's implementation of loose mode is significantly different from everyone else's. It seems they mean "is it feasible for this src ip to be routed to this interface regardless of route selection", not "it is feasible for this src ip to be routed to any interface on the box".

Or to put it another way, say you peer with someone who sends you 5000 routes, but you only accept 4000 as best-path. If you feasible filter it, you'll be allowing src IPs from those 5000 prefixes, not from all 100k+ on the box. While this is potentially a neat feature, it isn't the same as true "loose". Between that and only being able to set strict or feasible for the entire box and not per-interface, I'd say vendor J's implementation is almost completely useless at this point.

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
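The three source-address checks contrasted in this message, as an added example that is not part of the original post: a toy Python model of strict, feasible-path and loose RPF evaluated against one routing table. The RIB contents, interface names and function names are constructed for illustration, and the lookup is simplified to the longest matching prefix.

```python
import ipaddress

# Constructed RIB: prefix -> list of (interface the route was learned on, is_best_path).
# "peer0" advertises two prefixes, but only one of them wins best-path selection.
RIB = {
    "192.0.2.0/24":    [("peer0", True)],
    "198.51.100.0/24": [("peer0", False), ("transit0", True)],
    "203.0.113.0/24":  [("transit0", True)],
}

def _lookup(src):
    """Longest-prefix match for src; returns that prefix's path list or None."""
    addr = ipaddress.ip_address(src)
    nets = [ipaddress.ip_network(p) for p in RIB]
    matches = [n for n in nets if addr in n]
    if not matches:
        return None
    return RIB[str(max(matches, key=lambda n: n.prefixlen))]

def strict(src, in_if):
    """Pass only if the selected best path for src points back out in_if."""
    paths = _lookup(src)
    return paths is not None and any(i == in_if and best for i, best in paths)

def feasible(src, in_if):
    """Pass if any path for src, selected or not, was learned on in_if."""
    paths = _lookup(src)
    return paths is not None and any(i == in_if for i, _ in paths)

def loose(src, in_if):
    """Pass if src is routable via any interface on the box; in_if is ignored."""
    return _lookup(src) is not None

def verdicts(src, in_if):
    """Run all three checks for a packet with source src arriving on in_if."""
    return {mode.__name__: mode(src, in_if) for mode in (strict, feasible, loose)}

if __name__ == "__main__":
    # Constructed sample packets, all arriving on peer0.
    for src in ("192.0.2.1", "198.51.100.7", "203.0.113.9", "10.1.1.1"):
        print(src, verdicts(src, "peer0"))
```

The second and third sample sources are where the modes diverge: a prefix the peer advertised but that lost best-path selection passes feasible and fails strict, while a prefix known only via another interface passes loose alone.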