[j-nsp] uRPF loose mode
Saku Ytti
saku at ytti.fi
Mon Nov 26 10:05:08 EST 2012
On (2012-11-26 09:54 -0500), Gabriel Blanchard wrote:
> Has anyone on this list been able to implement uRPF to work in a
> multi-homed environment? I'm trying to implement it so that it black
> holes traffic based on source address and so far what I've read tells me
> this is not supported.
This is very new feature to JunOS. I think 12.1 for T4k. And maybe 12.2 for
MX, unsure.
But JunOS has very compelling feature called DCU/SCU. Essentially when
routes are installed in hardware you can have policy to add data there, and
you can then match to this data for example in FW filters. This allows you
to create much more elaborate source blackoling with quite moderate
increase in complexity.
Here's something I tested in lab, and hoped to deploy:
http://ip.fi/blackhole.txt
It might be bit to-the-point, as it's mostly intended to myself as memo.
--
++ytti
More information about the juniper-nsp
mailing list