Something with filters

Jared Mauch jared at
Fri Aug 29 01:27:26 CEST 2014

On 8/28/14 10:56 AM, Eric Vyncke (evyncke) wrote:
> Hi Enno,
> Regarding a 3GPP phone, AFAIK, it receives a /64 so it is scalable and
> easy to enforce uRPF at the very first layer-3 routers. Same for a home
> CPE (with a very minor impact, uRPF has same performance as plain
> forwarding == same lookup technique) and anyway the BNG/BRAS does DHCP-PD
> snooping and should do uRPF as well. Pretty much like in IPv4.
> But, we may indeed suspect that uRPF on a longer prefix such as /96 (??)
> could be as efficient as forwarding to a /96 which is rumored to be less
> efficient than forwarding to a prefix shorter than 64. Just a wild guess
> (and please do not assume some magical knowledge of mine based on my email
> address)

We have been told by Cisco that things like uRPF aren't likely to be
tested/optimized.  Folks forget it in the hardware design phase and
then it's too late.  There is no cultural habit to think about
security first.  CSCuq42336 is a clear example of security not even
being thought of.

- Jared

More information about the ipv6-ops mailing list