> On 29 August 2017 at 03:38, Robert Blayzor <rblayzor.b...@inoc.net> wrote: > >> Well not completely useless. BCP will still drop BOGONs at the edge before >> they leak into your network. > > Assuming you don't use them in your own infra. And cost of RPF is lot > higher than cost of ACL. Them being entirely static entities they > should be in your edgeACL. The only real justification for loose RPF > is source based blackholing. > > -- > ++ytti
Well, if you are using public IP addresses for infra you are violating your RIR’s policy more than likely. And if you’re using RFC1918 space in your global routing table, then thats another fiasco you’ll have to deal with. Managing ACL’s for customer routes has far more overhead (and cost, ie: time, human error, etc) than to just use RPF on an edge port. I believe the OP was talking about multi-homed, in that case if run a tight ship in your network RPF loose is probably a good choice. It at least gives you an easy way to not accept total trash at the edge. -- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP: https://inoc.net/~rblayzor/
