http://www.cisco.com/warp/public/707/newsflash.html

There are some limitations as to where uRPF works, SONET only on GSRs for example (thanks Cisco). I believe it will work on 65xx (SUP1A and SUP2 I think) regardless of interface type. Impact should be minimal, as it simply does a lookup in the CEF table; if the route isn't there, it discards.
We're running 6509's - both Sup1a and Sup2 - with 10, 100, and GigE links in a large campus environment. We did have some problems with the Sup2's running hybrid code, but the Sup1a's were fine. When we switched over to native IOS about six months ago, both the Sup1a's and Sup2's handled it without a problem or performance hit, even on some of our campus Gigabit links.

It's a nice feature but, as someone already pointed out, it's based on routing table entries so there is NO PROTECTION if someone on a subnet is spoofing the IP of another system on the same subnet. Having said that, we use it more so that we can quickly track the source of an attack if it's originating on our network rather than as a means to protect ourselves from the big, bad Internet. Once we know the source, we know for sure what router interface it's originating from, so we just start snooping traffic from that interface to find the offending MAC and go from there...

Another limitation that we've found with uRPF is that it doesn't live well with multihomed systems (i.e. a host with two NICs - each on a different subnet) because of the way most OSes handle their default gateways.

For anyone who is interested in our experience, drop me a note off list. If you have a solution for this multihoming problem, PLEASE email me off-list.

Eric :)
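The behaviour described in the two messages above, as an added example that is not part of either post: a small Python model of a strict-mode uRPF check (longest-prefix lookup on the source address, compared with the arrival interface). The prefixes, interface names and packets are constructed, and the multihomed case assumes the host sends traffic sourced from its second NIC's address out through the default gateway on its first NIC.

```python
import ipaddress

# Constructed FIB (no default route): prefix -> interface used to reach it.
FIB = {
    "10.1.1.0/24": "Vlan10",
    "10.1.2.0/24": "Vlan20",
}

def fib_lookup(fib, addr):
    """Longest-prefix match; return the interface towards addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def strict_urpf(fib, src, in_if):
    """Strict mode: forward only if the route back to src points out in_if."""
    return "forward" if fib_lookup(fib, src) == in_if else "drop"

# Constructed packets: (case, source address, interface the packet arrived on)
PACKETS = [
    ("legitimate host", "10.1.1.20", "Vlan10"),
    ("source with no route", "192.0.2.77", "Vlan10"),
    ("source from another subnet", "10.1.2.9", "Vlan10"),
    # Same-subnet spoof: the address belongs to a neighbour on Vlan10, so the
    # route check passes and only the MAC address distinguishes the sender.
    ("neighbour's address, same subnet", "10.1.1.99", "Vlan10"),
    # Multihomed host (assumed): NIC A 10.1.1.5, NIC B 10.1.2.5, default
    # gateway on NIC A. Traffic sourced from NIC B leaves through NIC A.
    ("multihomed host, NIC B address via NIC A", "10.1.2.5", "Vlan10"),
]

def evaluate(fib=FIB, packets=PACKETS):
    """Return {case: verdict} for each constructed packet."""
    return {case: strict_urpf(fib, src, in_if) for case, src, in_if in packets}

if __name__ == "__main__":
    for case, verdict in evaluate().items():
        print(f"{verdict:8} {case}")
```

In this model the multihomed host gets the same verdict as the cross-subnet spoof, because the check sees only the source address and the arrival interface.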