On (2012-11-26 09:54 -0500), Gabriel Blanchard wrote: > Has anyone on this list been able to implement uRPF to work in a > multi-homed environment? I'm trying to implement it so that it black > holes traffic based on source address and so far what I've read tells me > this is not supported.
This is very new feature to JunOS. I think 12.1 for T4k. And maybe 12.2 for MX, unsure. But JunOS has very compelling feature called DCU/SCU. Essentially when routes are installed in hardware you can have policy to add data there, and you can then match to this data for example in FW filters. This allows you to create much more elaborate source blackoling with quite moderate increase in complexity. Here's something I tested in lab, and hoped to deploy: http://ip.fi/blackhole.txt It might be bit to-the-point, as it's mostly intended to myself as memo. -- ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp