29 Sep
2021
29 Sep
'21
8:09 a.m.
uRPF Strict mode was always suppose a widget for source address validation (SAV). Just like DHCP Lease Query (DOCSIS), the TR-69 ACLs, general ACLs, and other vendor specific widgets. Like all widgets, there are places where it works and other place were it does not. The key principle is to deploy on the customer - provider edge (with provider = to ISPs, CSPs and cloud providers). Which widget you select is an engineering decision. As Saku points out, some vendors PPS with uRPF is worse than a simple ACLs. But then the PPS hit might be OK if uRPF Strict mode cuts down the operational logistics maintaining the customer ACLs. No right or wrong, just engineering choices for SAV deployment.