BCP38 dismissal

Greg Hankins ghankins at mindspring.com
Thu Sep 4 13:12:56 CDT 2008


On Thu, Sep 04, 2008 at 01:14:20PM -0400, Paul Wall wrote:
>On Thu, Sep 4, 2008 at 12:45 PM, Jo Rhett <jrhett at netconsonance.com> wrote:
>> I'm sorry, but nonsense statements such as these burn the blood.  Sure, yes,
>> protecting yourself is so much more important than protecting anyone else.
>>
>> Anyone else want to stand up and join the "I am an asshole" club?
>
>uRPF is important.  But all the uRPF in the world won't protect you
>against a little tcp/{22,23,179} SYN aimed at your Force 10 box.
>
>Ya know what I mean?

Hey Paul, would you be able to demonstrate this problem?  I'd like to see
it so that we can investigate and fix it.

You are correct that the first generation of E-Series hardware (EtherScale)
had little control plane protection.

The current E-Series hardware (TeraScale) has a completely different
architecture that rate limits, queues and filters all packets destined to
the control plane.

Greg*

(* I am currently employed by Force10.)

-- 
Greg Hankins <ghankins at mindspring.com>




More information about the NANOG mailing list