Dobbins, Roland rdobbins at
Thu Jan 16 14:30:35 UTC 2014

On Jan 15, 2014, at 12:05 AM, Saku Ytti <saku at> wrote:

> (We do BCP38 on all ports and verify programmatically, but I know it's not at all practical solution globally for access).

Anti-spoofing is eminently practical for most types of access network topologies using even slightly modern equipment; uRPF, ACLs, cable IP source verify, DHCP Snooping (which works just fine with fixed-address hosts), PACLs/VACLs, et. al. are some of the more prevalent mechanisms available.

In point of fact, anti-spoofing is most useful and most practical at the access-network edge, or as close to it as possible.

Roland Dobbins <rdobbins at> // <>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the NANOG mailing list