I definitely see the value of urpf-failed, especially in BGP or similar environments. The question I have is, is this an "expensive" way to prevent spoofing? In other words, does it use significantly more CPU time when compared to something like antispoof? Also, does urpf-failed "flag" incoming packets that are sourced with the same IP as the firewall like antispoof does?
Thanks.
