[c-nsp] Purposed of uRPF's "allow-default" Option?
Devon True
devon at noved.org
Fri Jan 29 17:01:46 EST 2010
On 1/29/2010 4:57 PM, Antonio Querubin wrote:
> On Fri, 29 Jan 2010, Antonio Querubin wrote:
>
>> Yes but that's not the interface where you would apply it. You apply
> ^
> necessarilly
>> 'allow-default' on your upstream interface that you point your default
>> route to. Ie. if you set your default-route at a particular interface
>> or IP address, then you add urpf 'allow-default' on the interface that
>> leads to your upstream gateway.
>
> Ie. you normally do not use allow-default on most of your interfaces.
> You use it only on upstream interfaces.
So it is for the situation where you do not have a full table (so strict
and/or loose mode would not work), but you want uRPF on the edge to be
able to drop packets whose network is routed to null on your FIB?
--
Devon
More information about the cisco-nsp
mailing list