On 12/4/2025 4:19 PM, William Herrin wrote:
On Wed, Dec 3, 2025 at 8:32 PM Frank Habicht via NANOG
<[email protected]> wrote:
if you're a customer, using only my PA space, and multihomed:
I'll do BGP with you -- you can be AS64512.
I'll do strict uRPF with a fail-filter allowing all my PA space sourced
by you.
Is there a problem with that?
Most likely, yes there is.
I can drop my announcement without dropping the BGP session. There are
lots of reasons to do so.
agreed.
If you're doing strict URPF, you'll start
blackholeing packets I send to you on the link based on the routes
you're still sending to me, even though they're from the address space
you assigned to me.
my "with a fail-filter allowing" above meant
the $J-speak "rpf-check fail-filter <filter>" - which will allow this.
URPF will show the return route transiting the
other link.
It's even more dicey if the multihoming isn't two links with you but
rather a link with you and another with someone else.
my "using only my PA space" condition should still prevent undesired
discards of packets on my part.
Frank
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/RI2RLDXRLAA4KKM5HCWWLB22BB6IOWQN/
