BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]

Jay Ashworth jra at baylink.com
Wed Feb 5 21:24:42 UTC 2014

----- Original Message -----
> From: "Octavio Alvarez" <alvarezp at alvarezp.ods.org>

> Maybe I'm oversimplifying things but I'm really curious to know why
> can't the nearest-to-end-user ACL-enabled router simply have an ACL to
> only allows packets from end-users that has a valid source-address
> from the network segment they provide service to.

The common answer, Octavio, at least *used to* be "our line cards aren't 
smart enough to implement strict-unicast-RPF, and our boxes don't have 
enough horsepower to handle every packet through the CPU".

As I've noted, I'm not sure I believe that's true of current generation
gear, and if it *is*, then it should cost manufacturers business.

-- jra
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274

More information about the NANOG mailing list