On Thu, 29 Mar 2012, Joe Provo wrote:
uRFP was a trivial, 0-impact feature on the cisco VXR-based CMTS platform. Assert a simple statement in the default config (along with 'ips classless' and all your other standard config elements)
uRPF: or as it's now used in ios, ip verify unicast source reachable-via rx ... I don't know what it would have to do with ip classless. It requires ip cef, but so do lots of other "features" including reasonably fast packet forwarding.
and job done. It assisted in reducing our abuse desk workload by eliminating a class of attacks from us, so the trivial "cost" was worth it in opex. ISTR it being on the required feature list for additional CMTS evaluations but it has been many years since I touched that kit.
uRPF stops your customers from sending forged source address packets. Since forged source address packets are rarely traced back to their actual source, I'm not sure how configuring it on your network would reduce your abuse desk workload at all. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________