Enhanced Feasible-Path Unicast Reverse Path Filtering
draft-sriram-opsec-urpf-improvements-03

Document Type Replaced Internet-Draft (opsec WG)
Last updated 2018-04-19 (latest revision 2018-03-05)
Replaced by draft-ietf-opsec-urpf-improvements
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-opsec-urpf-improvements
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-sriram-opsec-urpf-improvements-03.txt

Abstract

This document identifies a need for improvement of the unicast Reverse Path Filtering techniques (uRPF) [BCP84] for source address validation (SAV) [BCP38]. The strict uRPF is inflexible about directionality, the loose uRPF is oblivious to directionality, and the current feasible-path uRPF attempts to strike a balance between the two [BCP84]. However, as shown in this draft, the existing feasible-path uRPF still has short comings. This document describes an enhanced feasible-path uRPF technique, which aims to be more flexible (in a meaningful way) about directionality than the feasible-path uRPF. It can potentially alleviate ISPs' concerns about the possibility of disrupting service for their customers, and encourage greater deployment of uRPF techniques.

Authors

Kotikalapudi Sriram (ksriram@nist.gov)
Doug Montgomery (dougm@nist.gov)
Jeffrey Haas (jhaas@juniper.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)