For strict-mode... Completely agree.

As has been previously said, this is a tool that all players involved need to 
understand. This is no different than everyone correctly using BGP in their 
application for their outcomes.

> On Sep 29, 2021, at 12:07 PM, Adam Thompson <athomp...@merlin.mb.ca> wrote:
> 
> We just ran into a typical case where uRPF caused a partial outage for one of 
> my customers: the customer is multi-homed, with another provider that I'm 
> also connected to.  Customer advertised a longer-prefix to the other guy, so 
> I started sending traffic destined for Customer to the Other Provider... who 
> then promptly dropped it because they had uRPF enabled on the peering link, 
> and they were seeing random source IPs that weren't mine.  Well... yeah, that 
> can happen (semi-legitimately) anytime you have a topological triangle in 
> peering.
> 
> I've concluded over the last 2 years that uRPF is only useful on interfaces 
> pointing directly at non-multi-homed customers, and actively dangerous 
> anywhere else.
> 
> -Adam
> 
> Adam Thompson
> Consultant, Infrastructure Services
> 
> 100 - 135 Innovation Drive
> Winnipeg, MB, R3T 6A8
> (204) 977-6824 or 1-800-430-6404 (MB only)
> athomp...@merlin.mb.ca <mailto:athomp...@merlin.mb.ca>
> www.merlin.mb.ca <http://www.merlin.mb.ca/>
> From: NANOG <nanog-bounces+athompson=merlin.mb...@nanog.org> on behalf of 
> Amir Herzberg <amir.li...@gmail.com>
> Sent: September 28, 2021 20:06
> To: Randy Bush <ra...@psg.com>
> Cc: North American Network Operators' Group <nanog@nanog.org>
> Subject: Re: uPRF strict more
>  
> Randy, great question. I'm teaching that it's very rarely, if ever, used (due 
> to high potential for benign loss); it's always great to be either confirmed 
> or corrected... 
> 
> So if anyone replies just to Randy - pls cc me too (or, Randy, if you could 
> sum up and send to list or me - thanks!)
> 
> Amir
> -- 
> Amir Herzberg
> 
> Comcast professor of Security Innovations, Computer Science and Engineering, 
> University of Connecticut
> Homepage: https://sites.google.com/site/amirherzberg/home 
> <https://sites.google.com/site/amirherzberg/home>
> `Applied Introduction to Cryptography' textbook and lectures: 
> https://sites.google.com/site/amirherzberg/applied-crypto-textbook 
> <https://sites.google.com/site/amirherzberg/applied-crypto-textbook>
> 
> 
> 
> 
> On Tue, Sep 28, 2021 at 8:50 PM Randy Bush <ra...@psg.com 
> <mailto:ra...@psg.com>> wrote:
> do folk use uPRF strict mode?  i always worried about the multi-homed
> customer sending packets out the other way which loop back to me;  see
> RFC 8704 §2.2
> 
> do vendors implement the complexity of 8704; and, if so, do operators
> use it?
> 
> clue bat please
> 
> randy
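
The peering triangle described in the thread, as an added example that is not part of any message here: a small model of how strict, feasible-path and loose uRPF each judge a source address arriving on the peering link. The RIB contents, interface names and the simplified feasible-path rule (any covering route via the arrival interface) are assumptions; the prefixes are documentation ranges.

```python
import ipaddress

# Constructed RIB for the "other provider" router: (prefix, interface, is_best).
# Interface names are hypothetical; prefixes are documentation ranges.
RIB = [
    ("203.0.113.0/24",    "peer-adam", True),   # the peer's own address space
    ("198.51.100.0/25",   "transit",   True),   # third party, best path via transit
    ("198.51.100.0/25",   "peer-adam", False),  # same prefix, alternate path via the peer
    ("198.51.100.128/25", "transit",   True),   # third party, known only via transit
    ("192.0.2.0/24",      "cust",      True),   # multi-homed customer's longer prefix
]
ROUTES = [(ipaddress.ip_network(p), ifc, best) for p, ifc, best in RIB]


def covering(src):
    """All RIB routes whose prefix contains the source address."""
    addr = ipaddress.ip_address(src)
    return [r for r in ROUTES if addr in r[0]]


def strict(src, in_if):
    """Accept only if the best longest-match route for src points out in_if."""
    best = [r for r in covering(src) if r[2]]
    if not best:
        return False
    return max(best, key=lambda r: r[0].prefixlen)[1] == in_if


def feasible(src, in_if):
    """Simplified feasible-path check: any covering route, best or not, via in_if."""
    return any(r[1] == in_if for r in covering(src))


def loose(src, in_if):
    """Accept if any route covers src, whatever interface it points to."""
    return bool(covering(src))


def verdicts(src, in_if="peer-adam"):
    """Result of each uRPF mode for a packet from src arriving on in_if."""
    return {m.__name__: m(src, in_if) for m in (strict, feasible, loose)}


if __name__ == "__main__":
    for src in ("203.0.113.10", "198.51.100.7", "198.51.100.200", "10.9.9.9"):
        print(src, verdicts(src))
```

Traffic the peer forwards on behalf of third-party sources fails the strict check even though it is legitimate, which is the partial outage described in the thread.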
