RE: different flavours of uRPF [RE: register.com down sev0?]
Strict mode uRPF is likely to be implemented by performing a full forwarding table lookup and then comparing the packet's incoming interface to the interface from the forwarding table result.
uRPF uses the same lookup algorithm as you do when you look up the destination address for next hop.
Pekka might have meant wouldn't you build a separate 'urpf table' per interface perhaps? (just guessing at his intent) though there is only one 'urpf table' which is the fib, right?
This is VRF Mode uRPF, where you configure the uRPF to check a separate VRF (FIB). This decouples the policy table from the active forwarding table - providing more flexibility - at the cost of memory. You can set it to one of two modes - white list (if exists, pass) or black list (if exists, drop). The white list is what SPs have been interested in, since you can fill the VRF with the prefixes from a peering partner/customer - then ensure all source addressing coming from that customer matches the BGP prefixes being sent.
participants (1)
-
Barry Greene (bgreene)
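The two checks discussed in this message, sketched as an added example that is not part of the original post or any vendor's implementation: strict mode looks up the source address in the FIB and compares interfaces, while VRF mode looks it up in a separate table in white list or black list mode. The interface names, prefixes and function names are constructed for illustration; a linear scan stands in for a real longest-prefix-match structure.

```python
import ipaddress

def lpm(table, addr):
    """Longest-prefix match: value of the most specific covering prefix, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, value in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return best[1] if best else None

def strict_urpf(fib, src, in_if):
    """Strict mode: same lookup as for a destination, but on the source;
    pass only if the FIB result points back out the arrival interface."""
    return lpm(fib, src) == in_if

def vrf_urpf(policy_table, src, mode):
    """VRF mode: look the source up in a separate table, not the active FIB.
    'whitelist' = if exists, pass; 'blacklist' = if exists, drop."""
    hit = lpm(policy_table, src) is not None
    if mode == "whitelist":
        return hit
    if mode == "blacklist":
        return not hit
    raise ValueError("mode must be 'whitelist' or 'blacklist'")

# Constructed sample data (documentation prefixes, hypothetical interface names).
# The customer on "cust1" announces two prefixes, but the best path for
# 192.0.2.0/24 in the active FIB currently points at "upstream".
FIB = {
    "0.0.0.0/0": "upstream",
    "198.51.100.0/24": "cust1",
    "192.0.2.0/24": "upstream",
    "203.0.113.0/24": "cust2",
}
CUST1_VRF = {"198.51.100.0/24": True, "192.0.2.0/24": True}  # prefixes received via BGP from cust1
BLACKLIST_VRF = {"10.0.0.0/8": True}                          # sources to drop if present

if __name__ == "__main__":
    for src in ("198.51.100.7", "192.0.2.9", "203.0.113.5"):
        print(src, "strict:", strict_urpf(FIB, src, "cust1"),
              "vrf-whitelist:", vrf_urpf(CUST1_VRF, src, "whitelist"))
```

With this data, a packet from 192.0.2.9 arriving on cust1 fails the strict check because the FIB best path points elsewhere, yet passes the white list check against the customer's own table.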