[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

an effect of ignoring BCP38

Subject: an effect of ignoring BCP38
From: pekkas at netcore.fi (Pekka Savola)
Date: Thu, 11 Sep 2008 16:32:57 +0300 (EEST)
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <00d501c90e99$ffb4e480$ff1ead80$@com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected].> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On Thu, 11 Sep 2008, Jo Rhett wrote:
>> [Pekka:]
>> Loose mode URPF is [..] (IMHO) pretty much waste of time and is confusing 
>> the discussion about real spoofing protection.  The added protection 
>> compared to ACLs that drop private and possibly bogons is not that big and 
>> it causes transient losses when the routing tables are changing.
>
> I disagree.   But I will say that if everyone would apply strict mode or ACLs 
> to their end point interfaces, this would likely make most of the loose mode 
> irrelevant.

FWIW, based on off-list discussion, Jo's disagreement seems to stem 
from a misunderstanding of how loose uRPF works (he didn't know it 
accepts any packet that has a route in the routing table).

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- an effect of ignoring BCP38
  - From: jrhett at netconsonance.com (Jo Rhett)

References:
- Force10 Gear - Opinions
  - From: jrhett at netconsonance.com (Jo Rhett)
- Force10 Gear - Opinions
  - From: pauldotwall at gmail.com (Paul Wall)
- Force10 Gear - Opinions
  - From: james at towardex.com (James Jun)
- BCP38 dismissal
  - From: jrhett at netconsonance.com (Jo Rhett)
- BCP38 dismissal
  - From: ge at linuxbox.org (Gadi Evron)
- BCP38 dismissal
  - From: patrick at ianai.net (Patrick W. Gilmore)
- BCP38 dismissal
  - From: ge at linuxbox.org (Gadi Evron)
- an effect of ignoring BCP38
  - From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com)
- an effect of ignoring BCP38
  - From: kc at caida.org (k claffy)
- an effect of ignoring BCP38
  - From: jrhett at netconsonance.com (Jo Rhett)
- an effect of ignoring BCP38
  - From: pekkas at netcore.fi (Pekka Savola)
- an effect of ignoring BCP38
  - From: jrhett at netconsonance.com (Jo Rhett)

Prev by Date: Teleglobe appears to be spam-source zombie network?
Next by Date: an effect of ignoring BCP38
Previous by thread: an effect of ignoring BCP38
Next by thread: an effect of ignoring BCP38
Index(es):
- Date
- Thread