On Thu, Mar 29, 2012 at 07:31:26PM -0400, Jon Lewis wrote:
On Thu, 29 Mar 2012, Joe Provo wrote:
uRFP was a trivial, 0-impact feature on the cisco VXR-based CMTS platform. Assert a simple statement in the default config (along with 'ips classless' and all your other standard config elements)
uRPF: or as it's now used in ios, ip verify unicast source reachable-via rx ...
I don't know what it would have to do with ip classless.
Stated to counter 'config is hard' as there junk you have to do regardless. Add it to your standard specs and be done.
uRPF stops your customers from sending forged source address packets. Since forged source address packets are rarely traced back to their actual source, I'm not sure how configuring it on your network would reduce your abuse desk workload at all.
Guess we had better informed neighbors? :-) You caught the rhetoric; the cost was that trivial. -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NewNOG