[j-nsp] Juniper RPF loose behavior?

Michael Loftis mloftis at wgops.com
Fri Aug 12 19:36:21 EDT 2005


OK in Cisco platforms with RPF loose set to on, packets have an RPF check 
done as long as a route exists in the table for the source prefix then the 
packet is allowed, EXCEPT if that route resolves to the null0 interface. 
This is documented at 
http://www.cisco.com/warp/public/732/Tech/security/docs/blackhole.pdf in 
conjunction with 'source based BGP blackholes' or something like that ( I 
can't remember what the document calls it.)


So my question is this....does Juniper loose RPF (atleast in 7.3R1) behave 
this way?  Such that if I'm advertising 'black hole' routes via an iBGP 
session that resolve to a 192.0.2.1 route that is set 'discard' will the 
same thing happen for JunOS?


I hope this makes sense....

--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler


More information about the juniper-nsp mailing list