Search RFCs
- File formats:
- Also available:XML file for editing
- Status:
- BEST CURRENT PRACTICE
- Updates:
- RFC 3704
- Authors:
- K. Sriram
D. Montgomery
J. Haas - Stream:
- IETF
- Source:
- opsec (ops)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC8704
Discuss this RFC: Send questions or comments to the mailing listopsec@ietf.org
Other actions:Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 8704
Abstract
This document identifies a need for and proposes improvement of theunicast Reverse Path Forwarding (uRPF) techniques (see RFC 3704) fordetection and mitigation of source address spoofing (see BCP 38).Strict uRPF is inflexible about directionality, the loose uRPF isoblivious to directionality, and the current feasible-path uRPFattempts to strike a balance between the two (see RFC 3704). However,as shown in this document, the existing feasible-path uRPF still hasshortcomings. This document describes enhanced feasible-path uRPF(EFP-uRPF) techniques that are more flexible (in a meaningful way)about directionality than the feasible-path uRPF (RFC 3704). Theproposed EFP-uRPF methods aim to significantly reduce false positivesregarding invalid detection in source address validation (SAV).Hence, they can potentially alleviate ISPs' concerns about thepossibility of disrupting service for their customers and encouragegreater deployment of uRPF techniques. This document updates RFC3704.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.