> > Strict mode uRPF is likely to be implemented by
performing a full
> > forwarding table lookup and then comparing the
packet's incoming
> > interface to the interface from the forwarding
table result.
uRPF uses the same look up algorithm as you do when you look
up the
destination address for next hop.
> Pekka might have meant wouldn't you build a separate
'urpf
> table' per interface perhaps? (just guessing at his
intent)
> though there is only one 'urpf table' which is the fib,
right?
This is VRF Mode uRPF. Where you configure the uRPF to check
a separate
VRF(FIB). This decouples the policy table for the active
forwarding
table - providing more flexibility - at the cost of memory.
You can set
it to one of two mode - white list (if exist pass) or black
list (if
exist drop). The white list is what SPs have been interested
in since
you can fill the VRF with the prefixes from a peering
partner/customer -
then insure all source addressing coming from that customer
matches the
BGP prefixes being sent.
|