Something with filters
Jared Mauch
jared at puck.nether.net
Fri Aug 29 01:27:26 CEST 2014
On 8/28/14 10:56 AM, Eric Vyncke (evyncke) wrote:
> Hi Enno,
>
> Regarding a 3GPP phone, AFAIK, it receives a /64 so it is scalable and
> easy to enforce uRPF at the very first layer-3 routers. Same for a home
> CPE (with a very minor impact, uRPF has same performance as plain
> forwarding == same lookup technique) and anyway the BNG/BRAS does DHCP-PD
> snooping and should do uRPF as well. Pretty much like in IPv4.
>
> But, we may indeed suspect that uRPF on a longer prefix such as /96 (??)
> could be as efficient as forwarding to a /96 which is rumored to be less
> efficient than forwarding to a prefix shorter than 64. Just a wild guess
> (and please do not assume some magical knowledge of mine based on my email
> address)
We have been told by Cisco that things like uRPF aren't likely to be
tested/optimized. Folks forget it in the hardware design phase and
then it's too late. There is no cultural habit to think about
security first. CSCuq42336 is a clear example of security not even
being thought of.
- Jared
More information about the ipv6-ops
mailing list