Technical Summary
This document identifies a need for improvement of the unicast
Reverse Path Filtering techniques (uRPF) (see BCP 84) for detection
and mitigation of source address spoofing (see BCP 38). The strict
uRPF technique is inflexible about directionality, the loose uRPF
technique is oblivious to directionality, and the current
feasible-path uRPF technique attempts to strike a balance between the
two (see BCP 84). However, as shown in this draft, the existing
feasible-path uRPF technique still has shortcomings. This document
describes an enhanced feasible-path uRPF technique, which aims to be
more flexible (in a meaningful way) about directionality than the
feasible-path uRPF technique. It can potentially alleviate ISPs'
concerns about the possibility of disrupting service for their
customers, and encourage greater deployment of uRPF techniques.
Working Group Summary
The document was discussed in GROW and in OPSEC, and adopted by OPSEC. Discussions
in both working groups were incorporated into the document.
Document Quality
The shepherd sees no WG mail indicating that there are current software implementations. However, the draft contains a section “Implementation Considerations” that points to the similarity to current uRPF techniques that query a VRF table, so existing implementation methods could be leveraged for this new technique. One WG comment explicitly said that the document was clear enough to “assist the operators to better implement the recommendations”.
AD Note: Nits tool notes: The 'Updates: ' line in the draft header should list only the _numbers_ of the RFCs which will be updated by this document. I decided this is a nit, and not worth asking the authors to spin another copy for this. Other nits seem to be false positives.
Personnel
Document Shepherd: Sandra Murphy
Responsible Area Director: Warren Kumari