On 9/29/21 19:07, Adam Thompson wrote:

We just ran into a typical case where uRPF caused a partial outage for one of my customers: the customer is multi-homed, with another provider that I'm also​ connected to.  Customer advertised a longer-prefix to the other guy, so I started sending traffic destined for Customer to the Other Provider... who then promptly dropped it because they had uRPF enabled on the peering link, and they were seeing random source IPs that weren't mine.  Well... yeah, that can happen (semi-legitimately) anytime you have a topological triangle in peering.

I've concluded over the last 2 years that uRPF is only​ useful on interfaces pointing directly at non-multi-homed customers, and actively dangerous anywhere else.

That's not exactly true, unless that other provider is not carrying a full table on the device your traffic toward your customer was transiting.

Generally, we only run uRPF on boxes that carry a fully BGP table. The lack of a full table, even with loose-mode uRPF, will lead to blackholing.

Mark.