----- On Sep 30, 2021, at 9:13 AM, Andrew Smith andrew.william.sm...@gmail.com wrote:
Hi, > In Ciscoland, you do have to explicitly state that the default route is > eligible > for URPF verification, otherwise you'll get unexpected traffic drops. > ip verify unicast source reachable-via any allow-default Customer: We need a way to prevent spoofing. Dev: Sure, I created a new feature: "ip verify unicast" Customer: We're dropping legitimate traffic! Dev: Oops, sorry about that. Here, a new feature: "ip verify unicast source reachable-via any" Customer: But but but, we don't have a full BGP table! Dev: Oh well... <clickety-click> "ip very unicast source reachable via any allow-default" Thanks, Sabri
