[nsp-sec] Juniper uRPF to Blackhole
Sebastian Abt
sa at rh-tec.de
Fri Mar 21 13:16:26 EDT 2008
* JR Mayberry wrote:
> Isn't anyone actually using the feature and can speak to whether it
> works like Cisco or not?
In uRPF loose-mode Juniper only checks whether an entry for the given
prefix exists in the RIB; if that's the case, the packet is accepted -
even if the next-hop for the prefix is discard. At least that's what I
remember when I tried to configure this some time ago..
So, yes, I guess your colleagues are right and this behaviour differs
from Cisco's - unfortunately.
regards,
sebastian
--
fon: +49 69 95411 15 e-mail: sa at rh-tec.de
fax: +49 69 95411 45 mobile: +49 69 95411 55
rh-tec Business GmbH, http://www.rh-tec.de/
Grosser Heidkamp 8, 32549 Bad Oeynhausen
Geschaeftsfuehrer: Gerhard Roehrmann
Registergericht: AG Bad Oeynhausen, HRB 8112
More information about the nsp-security
mailing list