What were we saying about edge filtering?

• Previous message (by thread): What were we saying about edge filtering?
• Next message (by thread): What were we saying about edge filtering?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On donderdag, sep 4, 2003, at 18:51 Europe/Amsterdam, Owen DeLong wrote:

> Source address-based filtering in the backbone is expensive and, in 
> many
> cases, non-feasible.

And, of course, unnecessary. Everything in the core must have gotten 
there over a border towards some external network or an edge towards a 
customer (counting own servers and stuff as "customer" too) so if 
filtering is done there, no need to repeat it in the core.

BTW, from what I can tell on a pretty old/slow Cisco box, uRPF makes 
packet forwarding take about 10% more CPU, which is the same as a short 
standard access list (which can only look at source addresses). A short 
extended access list takes around 20% more CPU.

• Previous message (by thread): What were we saying about edge filtering?
• Next message (by thread): What were we saying about edge filtering?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]