On 17/12/15 13:51, Matthew Walster wrote: > 1. Don't use uRPF on a peering router, and if you are, loose mode seems > pretty dumb on a full transit router.
Spoofed source, to the point where there isn't even a route for it in the DFZ, is a thing you'll see without loose-mode URPF enabled on your transit & peering interfaces. > 2. Those are some really bad filtering examples, and if you just used it > as a factsheet there are missing entries which you may falsely assume > don't matter. Filtering all >/48 v6 prefixes seems a little odd too -- > why that size? I can't think of a reason why anyone would want an IPv6 prefix longer than a 48, in the DFZ. A-la filtering v4 prefixes greater than 24. Please do correct me if I'm wrong, but so far do this has not raised issues at $work. -- Tom
