Hi, On Jan 31, 2013, at 4:37 PM, Andy Davidson <[email protected]> wrote:
> Jon Morby wrote: >> The problem is that BCP38 assumes that the ISP does some configuration >> to ensure only properly sourced packets enter their network, which >> doesn't really work unless you have a perfectly symmetrical network >> Š. and not many ISPs do > > Asymmetric routing via your non-customer peers and transit partners does > not mean you can't apply Strict uRPF facing your customers (in fact you > should do so.) Unfortunately there still are many devices which don't have useful uRPF, support, for instance on a Brocade XMR or MLX you can't enable it on virtual ethernet interfaces (kinda like cisco BVI int's). telnet@modern-bro(config)#interface ve 1000 telnet@modern-bro(config-vif-1000)#rpf-mode strict Invalid input -> rpf-mode strict Type ? for a list telnet@modern-bro(config-vif-1000)#rpf-mode loose Invalid input -> rpf-mode loose Type ? for a list telnet@modern-bro(config-vif-1000)# !FUUUUUU!!!!! - Job
