BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]

joel jaeggli joelja at bogus.com
Wed Feb 5 21:43:13 UTC 2014


On 2/5/14, 1:24 PM, Jay Ashworth wrote:
> ----- Original Message -----
>> From: "Octavio Alvarez" <alvarezp at alvarezp.ods.org>
> 
>> Maybe I'm oversimplifying things but I'm really curious to know why
>> can't the nearest-to-end-user ACL-enabled router simply have an ACL to
>> only allows packets from end-users that has a valid source-address
>> from the network segment they provide service to.
> 
> The common answer, Octavio, at least *used to* be "our line cards aren't 
> smart enough to implement strict-unicast-RPF, and our boxes don't have 
> enough horsepower to handle every packet through the CPU".
> 
> As I've noted, I'm not sure I believe that's true of current generation
> gear, and if it *is*, then it should cost manufacturers business.

There are boxes that haven't aged out of the network yet where that's an
issue, some are more datacenter-centric than others. force10 e1200 was
one platform that had this limitation for example.

> Cheers,
> -- jra
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140205/9a14e478/attachment.bin>


More information about the NANOG mailing list