register.com down sev0?
ge at linuxbox.org
Fri Oct 27 12:13:06 UTC 2006
On Thu, 26 Oct 2006, Tony Li wrote:
> > It was possible to implement BCP38 before the router vendors
> > came up with uRPF.
> Further, uRPF is frequently a very inefficient means of implementing BCP
> 38. Consider that you're going to either compare the source address
> against a table of 200,000 routes or against a handful of prefixes that
> you've statically configured in an ACL.
> Yes, I realize that the latter approach is more of a managerial hassle,
> but for those of you who feel that your silicon is running a tad too
> warm, you may wish to consider this as a possible performance
> improvement technique. YMMV.
> Your former router vendor,
Erm, most ISP's I talk to (since I became aware of this not too long
ago) believe this is a perfect replacement for BCP38.
And yet, spoofing is possible from their space.
More information about the NANOG