> From: Saku Ytti <s...@ytti.fi> > Sent: Thursday, October 15, 2020 3:30 PM > > On Thu, 15 Oct 2020 at 17:22, Tim Durack <tdur...@gmail.com> wrote: > > > > We deploy urpf strict on all customer end-host and broadband circuits. In > this scenario urpf = ingress acl I don't have to think about. > > But you have to think about what prefixes a customer has. If BGP you need > to generate prefix-list, if static you need to generate a static route. As you > already have to know and manage this information, what is the incremental > cost to also emit an ACL? > Actually ideally there would be a feature/knob to automatically sync BGP (and static routes) with packet filters.
adam
