Hello List,
Let me bounce on this thread again as I am seriously thinking
about implementing uRPF loose mode / RTBH on our backbone. We have been
taking on some DDoS recently, Internet is a bitch ;-)
I was thinking enabling it on the interfaces towards my :
- Upstream Providers,
- Peerings,
-
On 05/12/2010 10:55 AM, Youssef Bengelloun-Zahr wrote:
We have a bunch 6509s acting as core routers and a bunch of 7204VXRs
(NPE-400 / NPE-G1) acting as LNS border routers.
Problem Is : I am concerned about performance issues. Is uRPF a big consumer
of CPU / Memory ?
On 6500, I believe the
On May 12, 2010, at 6:21 AM, Phil Mayers wrote:
On 05/12/2010 10:55 AM, Youssef Bengelloun-Zahr wrote:
We have a bunch 6509s acting as core routers and a bunch of 7204VXRs
(NPE-400 / NPE-G1) acting as LNS border routers.
Problem Is : I am concerned about performance issues. Is uRPF a big
Hey,
Our 6509 boxes are equiped with SUP720-3BXLs, so it shouldn't be a problem.
I am more concerned about the 7204VXRs equiped with NPE-400s or NPE-G1s. I
haven't been able to find docs on the Internet related the URPF impact on
performances.
Thanks.
Y.
2010/5/12 Jared Mauch
On Wednesday 12 May 2010 11:30:20 pm Youssef Bengelloun-Zahr
wrote:
I am more concerned about the 7204VXRs equiped with
NPE-400s or NPE-G1s. I haven't been able to find docs on
the Internet related the URPF impact on performances.
We've had a couple of NPE-G1's/G2's and we run both loose
On Thursday 08 April 2010 08:48:39 pm Steve Bertrand wrote:
I guess what I'm trying to say is that enabling it is
good,...
Agree.
and I've never run into any situation where
enabling loose mode has caused problems.
The only problem we've had is when peering privately with
other
I've been reading up about uRPF on Cisco's website, at:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ft_urpf.html
I've heard many people suggest that having uRPF filtering on in an ISP
environment is a good idea (and best practice).
However I'm grappling with the idea in
On Apr 8, 2010, at 5:46 PM, Reuben Farrelly wrote:
1. Given the global routing table is increasing and there is not all
that much unallocated/non-routed IP networks left (and thus fewer
invalid source addresses to draw from), is uRPF much of an advantage in
todays ISP/IPv4 networks?
It
Reuben,
In my opinion, the major gain is when deployed uRPF Loose Mode on
border routers is the possibility to drop traffic based on blackhole
for source address or source network flows. You may point local static
route to null or use a router-server to feed this. Depending of you
creativity you
As mentioned before, it still can be useful and necessary if you want to
deploy some central filtering mechanism RTBH or variant.
More detailed here (As a start):
http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
After having activated uRPF in loose mode you can verify if
On 2010.04.08 06:46, Reuben Farrelly wrote:
I've been reading up about uRPF on Cisco's website, at:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ft_urpf.html
I've heard many people suggest that having uRPF filtering on in an ISP
environment is a good idea (and best
On 2010.04.08 08:48, Steve Bertrand wrote:
On 2010.04.08 06:46, Reuben Farrelly wrote:
I've been reading up about uRPF on Cisco's website, at:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ft_urpf.html
I've heard many people suggest that having uRPF filtering on in an ISP
12 matches
Mail list logo