Enhanced Feasible-Path Unicast Reverse Path Filtering

Document Type Replaced Internet-Draft (opsec WG)
Authors Kotikalapudi Sriram  , Doug Montgomery  , Jeffrey Haas 
Last updated 2019-04-08 (latest revision 2018-03-05)
Replaced by RFC 8704
Stream Internet Engineering Task Force (IETF)
Intended RFC status Best Current Practice
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-opsec-urpf-improvements
Consensus Boilerplate Yes
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document identifies a need for improvement of the unicast Reverse Path Filtering techniques (uRPF) [BCP84] for source address validation (SAV) [BCP38]. The strict uRPF is inflexible about directionality, the loose uRPF is oblivious to directionality, and the current feasible-path uRPF attempts to strike a balance between the two [BCP84]. However, as shown in this draft, the existing feasible-path uRPF still has short comings. This document describes an enhanced feasible-path uRPF technique, which aims to be more flexible (in a meaningful way) about directionality than the feasible-path uRPF. It can potentially alleviate ISPs' concerns about the possibility of disrupting service for their customers, and encourage greater deployment of uRPF techniques.


Kotikalapudi Sriram (ksriram@nist.gov)
Doug Montgomery (dougm@nist.gov)
Jeffrey Haas (jhaas@juniper.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)