I'm trying to understand why source-address RTBH needs to be coupled with configuring uRPF on the edge ports.
I've read RFC5635 and other vendor papers on this topics but I can't figure out the reason, perhaps I'm missing something obvious.
Why would S/RTBH not work without uRPF? The trigger router would advertise the source-address that needs to be blocked with a specific "evil" community and based on this community the edge routers would install a next-hop of discard. So the source-address would be blocked anyway, so why the need for uRPF?
But even if it's a spoofed IP address traffic from that source will be discarded anyway, since all the edge routes will have a discard route for it. Right?
I am not sure if I understood your question.
But when I say source, I meant the source of the packet in which the attack-prefix is advertised.
Please refer to section 4.
Hi Kingsman, thanks for trying to clarify this.
As stated in my initial message, I've already consulted the RFC.
Let's use a particular example. Let's say that an ISP identifies that a DDoS attack is being generated from a particular IP address somewhere on the internet (let's use 188.8.131.52 for the simplicity of the example). With S/RTBH, a trigger router will create a static route for 184.108.40.206/32 and the edge routers that belong to this ISP will install this route with a next-hop of discard.
Therefore, my point is that with or without uRPF, traffic entering the ISP from that IP address (spoofed or not) will anyway be discarded. So why the need for uRPF?
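The following is an added example and not part of the thread: a small Python model of an edge router's forwarding path for the scenario described in this post. It follows the mechanism that RFC 5635 section 4 relies on: the FIB lookup that decides where a packet goes is keyed on the destination address, so a discard (Null0) route installed for a source address only takes effect on traffic from that source when uRPF consults the FIB for the source as well. The router class, the addresses (RFC 5737 documentation ranges) and the next-hop names are constructed for the example.

```python
import ipaddress

DISCARD = "discard"  # constructed stand-in for a Null0 / discard next hop


class EdgeRouter:
    """Minimal edge router: a FIB plus an optional uRPF loose-mode check."""

    def __init__(self, urpf_loose=False):
        self.fib = {}  # ip_network -> next hop name
        self.urpf_loose = urpf_loose

    def add_route(self, prefix, next_hop):
        self.fib[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, addr):
        """Longest-prefix match, as a FIB lookup does. Returns the next hop or None."""
        a = ipaddress.ip_address(addr)
        best = None
        for net, nh in self.fib.items():
            if a in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best[1] if best else None

    def forward(self, src, dst):
        # uRPF loose mode: the source must have a route in the FIB, and that
        # route must not point to discard. This is the only place the source
        # address is ever looked up.
        if self.urpf_loose:
            nh = self.lookup(src)
            if nh is None or nh == DISCARD:
                return "dropped: uRPF failed for source %s" % src
        # Normal forwarding is decided purely by the destination address.
        nh = self.lookup(dst)
        if nh is None:
            return "dropped: no route to destination"
        if nh == DISCARD:
            return "dropped: destination discard route"
        return "forwarded via %s" % nh


def build_router(urpf_loose):
    r = EdgeRouter(urpf_loose)
    r.add_route("198.51.100.0/24", "core1")  # victim's prefix inside the ISP (constructed)
    r.add_route("192.0.2.0/24", "peer1")     # a legitimate external network (constructed)
    r.add_route("203.0.113.0/24", "peer2")   # attacker's network, normally via peer2 (constructed)
    # S/RTBH trigger: host route for the attacking source with a discard next hop
    r.add_route("203.0.113.7/32", DISCARD)
    return r


ATTACKER, VICTIM, LEGIT, UNROUTED = "203.0.113.7", "198.51.100.10", "192.0.2.5", "10.9.9.9"


def simulate():
    """Run the same four flows through an edge router with and without uRPF loose mode."""
    results = {}
    for name, urpf in (("no_urpf", False), ("urpf_loose", True)):
        r = build_router(urpf)
        results[name] = {
            "attacker_to_victim": r.forward(ATTACKER, VICTIM),
            "legit_to_victim": r.forward(LEGIT, VICTIM),
            "unrouted_to_victim": r.forward(UNROUTED, VICTIM),
            "victim_to_attacker": r.forward(VICTIM, ATTACKER),
        }
    return results


if __name__ == "__main__":
    for name, res in simulate().items():
        print(name)
        for flow, outcome in res.items():
            print("  %-20s %s" % (flow, outcome))
```

Running it shows that with only the discard route installed, packets from the attacking source toward the victim are still forwarded, because the lookup that decides forwarding is on the victim's address; only traffic destined to the blackholed address is dropped. With uRPF loose mode enabled, the same packets fail the source check against the discard route and are dropped at the edge, and a packet from a source with no route at all is dropped too.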
Yeah, thanks, I guess the uRPF is there to prevent IP spoofing from happening in the first place.
You're right, Kingsman, thanks. Without uRPF malicious traffic would still reach the victim(s).
@Kingsman wrote: Now you can imagine, what if the uRPF is not configured?
There is a way to do source RTBH without uRPF.
A precursor to uRPF, called SCU, is used instead.
I did the design and proof of concept for a customer of mine but it did not go through unfortunately 😞
I didn't know that... Thank you for the information 🙂