BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]
Jay Ashworth
jra at baylink.com
Wed Feb 5 21:24:42 UTC 2014
----- Original Message -----
> From: "Octavio Alvarez" <alvarezp at alvarezp.ods.org>
> Maybe I'm oversimplifying things but I'm really curious to know why
> can't the nearest-to-end-user ACL-enabled router simply have an ACL to
> only allows packets from end-users that has a valid source-address
> from the network segment they provide service to.
The common answer, Octavio, at least *used to* be "our line cards aren't
smart enough to implement strict-unicast-RPF, and our boxes don't have
enough horsepower to handle every packet through the CPU".
As I've noted, I'm not sure I believe that's true of current generation
gear, and if it *is*, then it should cost manufacturers business.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the NANOG
mailing list