Enhanced Feasible-Path Unicast Reverse Path Filtering
draft-sriram-opsec-urpf-improvements-03
| Document | Type | Replaced Internet-Draft (opsec WG) | |
|---|---|---|---|
| Last updated | 2019-04-08 (latest revision 2018-03-05) | ||
| Replaced by | draft-ietf-opsec-urpf-improvements | ||
| Stream | IETF | ||
| Intended RFC status | Best Current Practice | ||
| Formats |
Expired & archived
pdf
htmlized
bibtex
|
||
| Stream | WG state | WG Document | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | Replaced by draft-ietf-opsec-urpf-improvements | |
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-sriram-opsec-urpf-improvements-03.txt
Abstract
This document identifies a need for improvement of the unicast Reverse Path Filtering techniques (uRPF) [BCP84] for source address validation (SAV) [BCP38]. The strict uRPF is inflexible about directionality, the loose uRPF is oblivious to directionality, and the current feasible-path uRPF attempts to strike a balance between the two [BCP84]. However, as shown in this draft, the existing feasible-path uRPF still has short comings. This document describes an enhanced feasible-path uRPF technique, which aims to be more flexible (in a meaningful way) about directionality than the feasible-path uRPF. It can potentially alleviate ISPs' concerns about the possibility of disrupting service for their customers, and encourage greater deployment of uRPF techniques.
Authors
Kotikalapudi Sriram
(ksriram@nist.gov)
Doug Montgomery
(dougm@nist.gov)
Jeffrey Haas
(jhaas@juniper.net)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)