[c-nsp] uRPF Core Internet Routers

Lee ler762 at gmail.com
Tue Apr 16 21:42:47 EDT 2013

On 4/16/13, Antonio Soares <amsoares at netcabo.pt> wrote:
> Hello group,
> I looking for Information about anti-spoofing measures namely uRPF.
[.. snip old references ..]
> Now my question, is it appropriate to use uRPF loose mode on Core Routers
> (Full Routing Tables) ?

It's an easy way to drop traffic with RFC-1918 addresses, so it is
nice that way.  But the IPv4 address space is close to all allocated,
so enabling it for IPv4 doesn't seem like a huge win.  IPv6 may be a
different story tho..

> How about the impact/restrictions ?

No idea.  I use an input access list or strict uRPF on the edge &
haven't paid much attention to loose uRPF.
http://www.cisco.com/web/about/security/intelligence/CiscoIOSXR.html says
  Reference the "Implementing Cisco Express Forwarding on Cisco IOS XR Software"
  section of the Cisco IOS XR IP Addresses and Services Configuration Guide for
  more information.
so that sounds like a good place to look.


> I was able to find a few restrictions
> when comparing the SUP720 with the SUP-2T but I'm more interested on IOS-XR
> Platforms.
> Thanks.
> Regards,
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoares at netcabo.pt
> http://www.ccie18473.net

More information about the cisco-nsp mailing list