{"draft":"draft-ietf-opsec-urpf-improvements-04","doc_id":"RFC8704","title":"Enhanced Feasible-Path Unicast Reverse Path Forwarding","authors":["K. Sriram","D. Montgomery","J. Haas"],"format":["HTML","TEXT","PDF","XML"],"page_count":"17","pub_status":"BEST CURRENT PRACTICE","status":"BEST CURRENT PRACTICE","source":"Operational Security Capabilities for IP Network Infrastructure","abstract":"This document identifies a need for and proposes improvement of the\r\nunicast Reverse Path Forwarding (uRPF) techniques (see RFC 3704) for\r\ndetection and mitigation of source address spoofing (see BCP 38).\r\nStrict uRPF is inflexible about directionality, the loose uRPF is\r\noblivious to directionality, and the current feasible-path uRPF\r\nattempts to strike a balance between the two (see RFC 3704). However,\r\nas shown in this document, the existing feasible-path uRPF still has\r\nshortcomings. This document describes enhanced feasible-path uRPF\r\n(EFP-uRPF) techniques that are more flexible (in a meaningful way)\r\nabout directionality than the feasible-path uRPF (RFC 3704). The\r\nproposed EFP-uRPF methods aim to significantly reduce false positives\r\nregarding invalid detection in source address validation (SAV).\r\nHence, they can potentially alleviate ISPs' concerns about the\r\npossibility of disrupting service for their customers and encourage\r\ngreater deployment of uRPF techniques. This document updates RFC\r\n3704.","pub_date":"February 2020","keywords":["BGP","source address spoofing","source address validation","SAV","Reverse Path Forwarding","RPF","unicast RPF","uRPF","DDoS mitigation","BCP 38","BCP 84"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC3704"],"updated_by":[],"see_also":["BCP0084"],"doi":"10.17487\/RFC8704","errata_url":null}