nanog mailing list archives

Re: Cox AS22773 uPRF issue - please contact off list

From: Frank Habicht via NANOG <nanog () lists nanog org>
Date: Thu, 4 Dec 2025 22:18:18 +0300



On 12/4/2025 4:19 PM, William Herrin wrote:

On Wed, Dec 3, 2025 at 8:32 PM Frank Habicht via NANOG
<nanog () lists nanog org> wrote:

if you're a customer, using only my PA space, and multihomed:
I'll do BGP with you -- you can be AS64512.
I'll do strict uRPF with a fail-filter allowing all my PA space sourced
by you.

Is there a problem with that?


Most likely, yes there is.

I can drop my announcement without dropping the BGP session. There are
lots of reasons to do so.

agreed.

If you're doing strict URPF, you'll start
blackholeing packets I send to you on the link based on the routes
you're still sending to me, even though they're from the address space
you assigned to me.

my "with a fail-filter allowing" above meant
the $J-speak "rpf-check fail-filter <filter>" - which will allow this.

URPF will show the return route transiting the
other link.

It's even more dicey if the multihoming isn't two links with you but
rather a link with you and another with someone else.

my "using only my PA space" condition should still prevent undesireddiscards of packets on my part.


Frank

_______________________________________________

NANOG mailing listhttps://lists.nanog.org/archives/list/nanog () lists nanog org/message/RI2RLDXRLAA4KKM5HCWWLB22BB6IOWQN/

Current thread:

Cox AS22773 uPRF issue - please contact off list Evan S. Weiner via NANOG (Dec 03)
- Re: Cox AS22773 uPRF issue - please contact off list C. Jon Larsen via NANOG (Dec 03)
  - Re: Cox AS22773 uPRF issue - please contact off list Frank Habicht via NANOG (Dec 03)
    - Re: Cox AS22773 uPRF issue - please contact off list William Herrin via NANOG (Dec 04)
    - Re: Cox AS22773 uPRF issue - please contact off list Frank Habicht via NANOG (Dec 04)
  - Re: Cox AS22773 uPRF issue - please contact off list Saku Ytti via NANOG (Dec 03)