[nsp] RPF on Catalyst 6k

Florian Weimer Weimer at CERT.Uni-Stuttgart.DE
Thu Dec 26 18:39:10 EST 2002


"Rubens Kuhl Jr." <rkjnsp@ieg.com.br> writes:

> Because of performance on a wire-speed device, all checks must be done in
> parallel. If the CEF table were stored at only one place, it would require 2
> lookups to fetch the destination and verify RPF. As far as I know, it's an
> identical copy.

BTW, is it better to implement anti-spoofing filters using uRPF, or
using regular ACLs (which end up in the TCAM for ACLs)?  Which one is
more robust during DoS attacks with randomly spoofed source addresses?

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

