[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Cisco uRPF failures
On Sep 11, 2008, at 10:11 AM, Saku Ytti wrote:
> On (2008-09-11 00:50 -0700), Jo Rhett wrote:
>> As someone who does a lot of work talking to NOCs trying to chase
>> down
>> attack sources, I can honestly tell you that I haven't talked to a
>> single NOC in the last 16 months who had BCP38 on every port, or
>> even on
>> most of their ports. And the majority response is "our (vendor) gear
>> can't handle it". As we both know, Cisco is the largest by far
>> vendor
>> in the marketplace, and I've heard that name more than 70% of the
>> time.
>
> Sound like these shops are using 3550 as router, which is common for
> smaller shops, especially in EU. And indeed, 3550 would not do uRPF.
> (3560E does).
I don't honestly know. I do know that in every case it was mentioned
to me it was either a 6500 or a 7600.
(that it was a Cisco anyway)
But frankly, lack of uRPF doesn't mean that BCP38 is impossible. My
generation of Force10 gear can't do uRPF. Yet we are BCP38 compliant.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness