
RE: DDoS Mitigation Survey



Clarification on Loose Check uRPF .....

Loose Check uRPF was designed so that an ASIC based look up of the source
address + a BGP RTBH would allow a provider to trigger a source based drop
across their entire network. That was why it was created. The fact that it
drops any other packet whose source address is not in the FIB or whose route
points to Null 0 (i.e. bogons) is a secondary effect.

This check is a lowest common denominator for the ASIC technology built
between 1999 and 2001. That would allow it to work on any chip by any vendor,
providing the community with a simple network wide source based drop
technique that can be widely deployed.

The problem was assuming the industry knew what a destination based RTBH
(dRTBH) was all about and how to have it work throughout their network. The
assumption was that most providers knew destination based RTBH when uRPF Loose
Check was created. That was incorrect. In fact, when Chris and Brian
published the Backscatter Traceback technique (which uses destination based
RTBH) it was quickly discovered that the majority of the providers did not
know how dRTBH worked. This explained the years of confusion around uRPF
Loose Check.

Barry
Co-creator of uRPF
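The mechanism the post describes, modelled on a single edge router, as an added example that is not part of the original message: a longest-prefix-match FIB with recursive next-hop resolution, a loose-check uRPF decision on the source address, and an RTBH trigger that installs a /32 whose next hop (192.0.2.1 here, an assumed well-known discard address in RFC 5737 documentation space) every router statically routes to Null0. The same trigger gives a source based drop when the /32 is the attacker's address (loose uRPF rejects the source) and a destination based drop when it is the victim's address (the destination lookup lands on Null0). The FIB contents, interface names and sample packets are constructed for the example; the allow-default behaviour mirrors the common vendor default that a match on 0.0.0.0/0 alone does not satisfy the loose check.

```python
"""Loose-check uRPF plus source/destination RTBH on one edge router.

Constructed model, not vendor code. The FIB entries, interface names,
192.0.2.1 discard next hop and sample packets are assumptions.
"""
import ipaddress

NULL0 = "Null0"                  # discard interface
DISCARD_NEXT_HOP = "192.0.2.1"   # assumed RTBH next hop (RFC 5737 space)


class Fib:
    """Longest-prefix-match forwarding table with recursive next-hop resolution."""

    def __init__(self):
        self.routes = {}  # ip_network -> next hop (interface name or IP string)

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix, strict=False)] = next_hop

    def lookup(self, addr):
        """Return (prefix, next_hop) of the longest matching route, or None."""
        a = ipaddress.ip_address(addr)
        best = None
        for net in self.routes:
            if a in net and (best is None or net.prefixlen > best.prefixlen):
                best = net
        return None if best is None else (best, self.routes[best])

    def resolve(self, addr, max_depth=8):
        """Resolve addr to (matched_prefix, outgoing_interface), following IP next hops."""
        hit = self.lookup(addr)
        if hit is None:
            return None
        prefix, nh = hit
        for _ in range(max_depth):
            try:
                ipaddress.ip_address(nh)      # IP next hop: resolve it recursively
            except ValueError:
                return prefix, nh             # interface name (Gi0/0, Null0): done
            deeper = self.lookup(nh)
            if deeper is None:
                return None
            nh = deeper[1]
        return None                            # unresolvable or looping next hops


def loose_urpf_passes(fib, src, allow_default=False):
    """Loose-check uRPF: is there a usable route for the source address at all?"""
    res = fib.resolve(src)
    if res is None:
        return False                  # no route: unallocated / bogon source
    prefix, iface = res
    if iface == NULL0:
        return False                  # route to Null0: bogon null route or sRTBH /32
    if prefix.prefixlen == 0 and not allow_default:
        return False                  # default route alone does not count
    return True


def forward(fib, src, dst, allow_default=False):
    """Forwarding decision for one packet: uRPF on source, then destination lookup."""
    if not loose_urpf_passes(fib, src, allow_default):
        return "drop:urpf-loose"
    res = fib.resolve(dst)
    if res is None:
        return "drop:no-route"
    if res[1] == NULL0:
        return "drop:dst-null0"       # dRTBH (or a bogon destination)
    return "forward:" + res[1]


def trigger_rtbh(fib, host):
    """What the trigger router's iBGP /32 announcement installs on every edge router."""
    fib.add(host + "/32", DISCARD_NEXT_HOP)


def build_fib():
    """Constructed edge-router FIB for the example."""
    fib = Fib()
    fib.add("0.0.0.0/0", "198.51.100.1")         # default via upstream peer address
    fib.add("198.51.100.0/24", "Gi0/0")          # upstream link
    fib.add("203.0.113.0/24", "Gi0/1")           # customer prefix
    fib.add(DISCARD_NEXT_HOP + "/32", NULL0)     # static discard route on every router
    fib.add("10.0.0.0/8", NULL0)                 # bogon null route
    return fib


if __name__ == "__main__":
    fib = build_fib()
    print("before sRTBH:", forward(fib, "198.51.100.7", "203.0.113.10"))
    trigger_rtbh(fib, "198.51.100.7")            # blackhole the attacking source
    print("after sRTBH: ", forward(fib, "198.51.100.7", "203.0.113.10"))
    print("bogon src:   ", forward(fib, "10.1.2.3", "203.0.113.10"))
    trigger_rtbh(fib, "203.0.113.50")            # blackhole the victim destination
    print("dRTBH:       ", forward(fib, "198.51.100.9", "203.0.113.50"))
```

The point the post makes falls out of the model: once the trigger /32 resolves to Null0 on every router, loose-check uRPF turns that one destination-style route into a network-wide source based drop, and the bogon and no-route drops come along for free because they hit the same two conditions.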