[c-nsp] Setting "weight 255" as default for customer BGP with
uRPF strict
Pekka Savola
pekkas at netcore.fi
Sun Nov 21 13:42:54 EST 2004
On Sun, 21 Nov 2004, Brian Feeny wrote:
> I realize loose uRPF is the better solution, but with regards to strict uRPF,
> does anyone see any caveats to doing this?
> (not all routers on the network are running code that support loose mode, and
> I can only phase in a few changes at a time).
Uh oh, loose uRPF does not actually prevent the customer from spoofing
traffic, so I wouldn't say it's "the better solution" at all..
See RFC 3704.
In rough order of preference, YMMV,
1) Feasible Path RPF (like strict w/ weight as you're doing)
2) Strict RPF
3) Manual access lists
4) Loose RPF
5) nothing
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the cisco-nsp
mailing list