[c-nsp] Bogon Filter - Least Resource/CPU intensive method?

Jeff Kell jeff-kell at utc.edu
Wed Mar 5 09:09:37 EST 2008


roy wrote:
> IIRC, "ip route bogon/net null0" will filter on near line-rate based on
> destination addresses.
>
> rpf (strict/loose) on the other hand will accomplish a somewhat similar
> solution as with your acl to filter packets based on source addresses
> consuming less resources (assuming you have [full|known] routes to
> desired destinations).

Does loose rpf indeed drop packets sourced from null routes?  I know 
strict does for certain, and is the least intensive method of blocking 
packets sourced from a particular IP/subnet.

Jeff

