Saku Ytti saku at
Thu Jan 16 14:56:33 UTC 2014

On (2014-01-16 14:30 +0000), Dobbins, Roland wrote:

> In point of fact, anti-spoofing is most useful and most practical at the access-network edge, or as close to it as possible.

We must disagree on definition of practical. Maybe if I'd reword it realistic
we might be closer.

It is not going to happen, the most suspect places are places where it's going
to be most difficult to get, either fully on autopilot with no technical
personnel capable or having the power to make the change or ghetto gear with
no capability for it.

The longer we endorse fantasy the longer it'll take to promote practical
solutions. There is nothing near consensus that IP transit should or even can
be ACLd, but it's really simple and I'm happy to volunteer my time with any
network wishing to implement it.
Very modest amount of ports will produce significant reduction in spoofing


More information about the NANOG mailing list