The IETF has long worked on IP source address validation in order to prevent IP spoofing and mitigate the problem of DoS attacks on the Internet. This work has lead to various forms of Reverse Path Forwarding (RPF) techniques, published in RFC 3704 and RFC 8704.
The Linux kernel has several features similar to RPF. They're implemented either as a sysctl or as Netfilter modules. I'll use the term rp_filter to collectively refer to all this implementations.
The objective of this talk is to give the audience a primer on rp_filter and to explain its challenges and pitfalls, beyond the well-known asymmetric routing issues. I'll conclude on what to consider when implementing RPF for advanced networking scenarios and why this is more complex than just setting a sysctl or loading a generic firewall rule.
Create a custom schedule.
Take it with you on mobile.
Get listed in the directory.
