[c-nsp] Unicast Reverse Path Forwarding - Loose Mode

Daniel Kratz dkratz at gmail.com
Thu Apr 8 07:37:24 EDT 2010


Reuben,

In my opinion, the major gain when uRPF Loose Mode is deployed on
border routers is the possibility to drop traffic based on a blackhole
for source address or source network flows. You may point a local static
route to null or use a route-server to feed this. Depending on your
creativity you may take attractive scenarios.

> 2. We are also seeing some traffic sourced from IPs within a specific /24
> subnet inside our AS, entering from outside of our AS.  It is being sourced
> from somewhere on the Internet by some host(s) which are sending the traffic
> out with our source address but are not actually originating the traffic
> from within our AS (which I guess is along the lines of a DoS but the
> traffic volumes are relatively low).  I am dropping this on our 7200 via
> ACLs deployed on the outside edges/interfaces of our network.  Could loose
> mode uRPF help solve this problem?


uRPF Loose Mode will not be too useful because you will have one valid
route entry. The only advantage that comes to mind now is dropping packets
with an IP source in a non-routed subnet or with a next-hop pointing to null in
your iBGP or IGP (not a prefix aggregate at the border edge). This one
is effective only if you forgot to make an ACL against IP spoofing of your
address space (BCP-38).


Regards,
Kratz


-- 
"Any fool can know. The point is to understand."
                                                Albert Einstein
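As an added illustration (not code from the original post), here is a small Python model of the loose-mode uRPF check the thread discusses. The FIB, prefixes and next hops are constructed, and the `allow_default` flag models the IOS `allow-default` keyword; the cases show why a spoofed source inside a routed /24 passes loose mode while a null-routed source is dropped.

```python
import ipaddress

# Constructed FIB for illustration (prefix -> next hop); "Null0" models a
# static route to null, the blackhole the post describes.
FIB = {
    "0.0.0.0/0": "203.0.113.1",    # default route toward the upstream
    "192.0.2.0/24": "10.0.0.2",    # the /24 inside "our AS" from the question
    "198.51.100.0/24": "Null0",    # source network blackholed via static/iBGP
}

def lookup(src):
    """Longest-prefix match of src in FIB -> (network, next_hop) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, nh in FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best

def urpf_loose(src, allow_default=False):
    """Return 'permit' or 'drop' for source src under loose-mode uRPF.

    Loose mode only asks whether *some* route covers the source and ignores
    the arriving interface. It fails when no route exists or when the route's
    next hop is Null0. The default route counts only with allow_default set.
    """
    match = lookup(src)
    if match is None:
        return "drop"
    net, nh = match
    if nh == "Null0":
        return "drop"
    if net.prefixlen == 0 and not allow_default:
        return "drop"
    return "permit"

def demo():
    """Evaluate the cases discussed in the thread; returns a dict of verdicts."""
    return {
        # spoofed source from our own /24: a valid route exists, so loose mode passes it
        "spoofed_internal": urpf_loose("192.0.2.10"),
        # blackholed source network: dropped at the border without any ACL
        "blackholed": urpf_loose("198.51.100.5"),
        # source covered only by the default route
        "default_only": urpf_loose("100.64.0.1"),
        "default_only_allowed": urpf_loose("100.64.0.1", allow_default=True),
    }
```

The `spoofed_internal` verdict is the point of the reply above: loose mode cannot catch packets that claim a source for which the router holds a valid route, so an ingress ACL (BCP-38) is still needed for that case.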

