11 Jun
2020
11 Jun
'20
12:17 p.m.
On Thu, Jun 11, 2020 at 9:08 AM brad dreisbach <bradd@us.ntt.net> wrote:
uRPF absolutely kills the pps performance or your hardware due to the packet having to be recirculated to do the check(at least this is the case on every platform that ive ever tested it on). use acl's to protect your edge.
Hi Brad, Don't the ACLs generally live in a partition of the TCAM too? So you're going from two constant-time TCAM lookups per packet (route, acls) to three (route, urpf, acls)? Not rhetorical; getting close to the edge of my knowledge here. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/