Why do ISPs still not do packet source verification in 2010?
Nick Hilliard
nick at foobar.org
Mon Dec 20 18:11:53 UTC 2010
On 20/12/2010 14:41, William Pitcock wrote:
> [...] but the 6500
> series chassis can do IP-level ACL in hardware.
as regards urpf on the sup720 / rsp720: ipv4, yes; ipv6, no.
BTW, it's worth asking this question when purchasing new equipment: "does
the equipment support both loose and strict ipv6 urpf in hardware right
now. if not, what is the timescale for implementation of each?".
The results are currently not very good.
Vendors: please note that support for ipv6 urpf (both strict and loose) is
a basic networking requirement these days.
Nick
More information about the NANOG
mailing list