What were we saying about edge filtering?
Iljitsch van Beijnum
iljitsch at muada.com
Fri Sep 5 08:28:44 UTC 2003
On Thursday, Sep 4, 2003, at 18:51 Europe/Amsterdam, Owen DeLong wrote:
> Source address-based filtering in the backbone is expensive and, in many
> cases, non-feasible.

And, of course, unnecessary. Everything in the core must have gotten
there over a border towards some external network or an edge towards a
customer (counting own servers and stuff as "customer" too) so if
filtering is done there, no need to repeat it in the core.

BTW, from what I can tell on a pretty old/slow Cisco box, uRPF makes
packet forwarding take about 10% more CPU, which is the same as a short
standard access list (which can only look at source addresses). A short
extended access list takes around 20% more CPU.
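
The following is an added example, not part of the original message: a Python model of the three ingress checks the post compares (strict uRPF, a standard ACL on source only, an extended ACL on source and destination), applied at the customer edge and at the border. The FIB contents, interface names (`cust-a`, `cust-b`, `upstream`) and ACL entries are constructed assumptions.

```python
# Added example: toy model of the ingress checks compared in the post.
# Every prefix, interface name and ACL entry below is a constructed sample value.
from ipaddress import ip_address, ip_network

# Constructed FIB: prefix -> interface the router uses to reach that prefix.
FIB = {
    ip_network("192.0.2.0/24"): "cust-a",
    ip_network("198.51.100.0/24"): "cust-b",
    ip_network("0.0.0.0/0"): "upstream",
}

def fib_lookup(addr):
    """Longest-prefix match: return the egress interface for addr."""
    matches = [net for net in FIB if ip_address(addr) in net]
    return FIB[max(matches, key=lambda net: net.prefixlen)]

def urpf_strict(src, in_if):
    """Strict uRPF: accept only if the best route back to src leaves via in_if."""
    return fib_lookup(src) == in_if

# Standard ACL per customer interface: permitted source prefixes only.
STD_ACL = {
    "cust-a": [ip_network("192.0.2.0/24")],
    "cust-b": [ip_network("198.51.100.0/24")],
}

def standard_acl(src, in_if):
    return any(ip_address(src) in net for net in STD_ACL.get(in_if, []))

# Extended ACL per customer interface: (source prefix, destination prefix) pairs.
ANY = ip_network("0.0.0.0/0")
EXT_ACL = {iface: [(net, ANY) for net in nets] for iface, nets in STD_ACL.items()}

def extended_acl(src, dst, in_if):
    return any(ip_address(src) in s and ip_address(dst) in d
               for s, d in EXT_ACL.get(in_if, []))

def edge_verdicts(src, dst, in_if):
    """Permit/deny decision of each mechanism for one packet arriving on in_if."""
    return {
        "urpf": urpf_strict(src, in_if),
        "standard_acl": standard_acl(src, in_if),
        "extended_acl": extended_acl(src, dst, in_if),
    }

if __name__ == "__main__":
    print(edge_verdicts("192.0.2.10", "203.0.113.5", "cust-a"))    # own prefix
    print(edge_verdicts("198.51.100.7", "203.0.113.5", "cust-a"))  # spoofed source
    print(urpf_strict("192.0.2.10", "upstream"))  # customer source seen at border
```

For source-address validation all three mechanisms reach the same verdict at the edge; the difference the post reports is in forwarding cost, and uRPF derives its check from the routing table instead of a hand-maintained list.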