URPF support

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hi Experts, 

Does our extreme switches support URPF feature? i was not able to find it in latest 22.1 UG?
Photo of adnan khan

adnan khan

  • 100 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Bastian Sprotte

Bastian Sprotte, Employee

  • 1,610 Points 1k badge 2x thumb
hello,
EXOS today not support unicast reverse-path forwarding (uRPF)
we had some internal discussion about that, might be we add this in the future.

looking into our GTAC Knowledge Base
 
 https://gtacknowledge.extremenetworks.com/articles/Q_A/Do-EXOS-switches-support-unicast-reverse-path...

-
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 12,492 Points 10k badge 2x thumb
Hi,
uRPF is defined in rfc 3704, which lists several methods. Among them, ingress ACL is proposed. That could be done, but I agree this is a stretch and maybe not very feasible in everyday network.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Hi,

the uRPF feature in other vendor's products has the advantage that it just needs to be turned on and then works automatically, adjusting to routing changes on the fly. It is not realistic to manually implement and maintain ACLs for this on every routed interface.

What is realistic is to implement anti-spoofing ACL(s) on the uplink(s) to the service provider(s) using egress ACL(s). This is equivalent to the service provider using ingress filtering (BCP 38, BCP 84).

Erik