[133937] in North American Network Operators' Group
Re: Why do ISPs still not do packet source verification in 2010?
daemon@ATHENA.MIT.EDU (Nick Hilliard)
Mon Dec 20 13:12:43 2010
X-Envelope-To: nanog@nanog.org
Date: Mon, 20 Dec 2010 18:11:53 +0000
From: Nick Hilliard <nick@foobar.org>
To: William Pitcock <nenolod@systeminplace.net>
In-Reply-To: <20101220084131.1c3ae53c@petrie.gateway.2wire.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 20/12/2010 14:41, William Pitcock wrote:
> [...] but the 6500
> series chassis can do IP-level ACL in hardware.
as regards urpf on the sup720 / rsp720: ipv4, yes; ipv6, no.
BTW, it's worth asking this question when purchasing new equipment: "does
the equipment support both loose and strict ipv6 urpf in hardware right
now. if not, what is the timescale for implementation of each?".
The results are currently not very good.
Vendors: please note that support for ipv6 urpf (both strict and loose) is
a basic networking requirement these days.
Nick
