BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]
joelja at bogus.com
Wed Feb 5 21:43:13 UTC 2014
On 2/5/14, 1:24 PM, Jay Ashworth wrote:
> ----- Original Message -----
>> From: "Octavio Alvarez" <alvarezp at alvarezp.ods.org>
>> Maybe I'm oversimplifying things but I'm really curious to know why
>> can't the nearest-to-end-user ACL-enabled router simply have an ACL to
>> only allows packets from end-users that has a valid source-address
>> from the network segment they provide service to.
> The common answer, Octavio, at least *used to* be "our line cards aren't
> smart enough to implement strict-unicast-RPF, and our boxes don't have
> enough horsepower to handle every packet through the CPU".
> As I've noted, I'm not sure I believe that's true of current generation
> gear, and if it *is*, then it should cost manufacturers business.
There are boxes that haven't aged out of the network yet where that's an
issue, some are more datacenter-centric than others. force10 e1200 was
one platform that had this limitation for example.
> -- jra
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 308 bytes
Desc: OpenPGP digital signature
More information about the NANOG