Re: Unicast Reverse Path Forwarding what IPs are dropped

From: Kambiz Agahian <aussiecert_at_gmail.com>
Date: Fri, 13 Aug 2010 03:03:59 -0700

We also had a discussion a few months ago on different modes of uRPF including
the Feasible mode which is not currently supported by Cisco IOS. If you're
interested in some further studies take a look at that (or the RFC itself) -
pretty cool; supported by Juniper.

HTH
Kambiz Agahian

CCIE Instructor/Consultant
M.Eng Telecom, CCIE# 25341, CCSI# 33326, MCSE, MCSA

On Fri, Aug 13, 2010 at 2:50 AM, Prakash Kalsaria <
kalsaria.prakash_at_gmail.com> wrote:

> Great Info Guys
>
> Thanks
>
> Regards;
> Prakash Kalsaria
> http://prakashkalsaria.wordpress.com
>
>
> On Fri, Aug 13, 2010 at 2:23 PM, Kambiz Agahian <aussiecert_at_gmail.com> wrote:
>
>> Keti,
>>
>> You're almost there. Please take a look at the following pages:
>>
>> http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html
>> * Surprisingly the best (concise) uRPF article on cisco.com
>>
>>
>> http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrpf.html
>> * Pretty old but still relevant
>>
>> http://www.ciscopress.com/articles/article.asp?p=174313&seqNum=3
>>
>> ## Sometimes I refer to the uRPF access list as "the second chance" - can
>> you guess why?
>>
>>
>> HTH
>> Kambiz Agahian
>>
>> CCIE Instructor/Consultant
>> M.Eng Telecom, CCIE# 25341, CCSI# 33326, MCSE, MCSA
>>
>>
>> On Fri, Aug 13, 2010 at 12:13 AM, selamat pagi <ketimun_at_gmail.com> wrote:
>>
>> > According to the docu 4 types of addresses are blocked:
>> >
>> >
>> > http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ft_urpf.html
>> >
>> > Loose mode allows Unicast RPF to automatically detect and drop packets
>> > such as the following:
>> >
>> > IETF RFC 1918 source addresses
>> >
>> > Other Documenting Special Use Addresses (DUSA) that should not appear
>> > in the source
>> >
>> > Unallocated addresses that have not been allocated by the Regional
>> > Internet Registries (RIRs)
>> >
>> > Source addresses that are routed to a null interface on the router
>> >
>> > 1) RFC1918 and 4) null route are easy to understand.
>> >
>> > But what other address-ranges are blocked ?
>> >
>> > Is there a command to show this on the router ?
>> >
>> > Many thanks,
>> > keti
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html

Received on Fri Aug 13 2010 - 03:03:59 ART
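
The loose-mode decision discussed in this thread, modelled in Python as an added example (not written by any poster and not Cisco code): a source passes only if the FIB holds a non-Null0 route for it, the default route counts only with allow-default, and a uRPF access list is consulted only after the check has failed. The FIB entries, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed FIB for illustration: (prefix, next hop). "Null0" is a discard route.
FIB = [
    ("0.0.0.0/0", "Serial0/0"),     # default route
    ("198.51.100.0/24", "Gi0/1"),   # ordinary routed prefix
    ("203.0.113.0/24", "Null0"),    # blackholed prefix
    ("10.1.0.0/16", "Gi0/2"),       # RFC 1918 space this router really routes
]

def lookup(src, fib):
    """Longest-prefix match on the source; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, next_hop in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def urpf_loose(src, fib, allow_default=False, acl=None):
    """Return 'forward' or 'drop' for a packet with source address src.

    acl is an optional ordered list of (prefix, 'permit' | 'deny') entries.
    It is only evaluated when the uRPF check itself has failed.
    """
    hit = lookup(src, fib)
    if hit is not None:
        net, next_hop = hit
        # Pass: a real route exists, and it is not just the default route
        # unless allow_default is set.
        if next_hop != "Null0" and (net.prefixlen > 0 or allow_default):
            return "forward"
    # Check failed: the access list gets the final say (first match wins).
    addr = ipaddress.ip_address(src)
    for prefix, action in acl or []:
        if addr in ipaddress.ip_network(prefix):
            return "forward" if action == "permit" else "drop"
    return "drop"  # no ACL, or no entry matched (implicit deny)

if __name__ == "__main__":
    for s in ("198.51.100.7", "203.0.113.9", "192.168.1.1", "10.1.2.3"):
        print(s, urpf_loose(s, FIB))
```

In this model an RFC 1918 or unallocated source is dropped only because no specific route covers it, so 10.1.2.3 passes while 192.168.1.1 does not.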

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART