[168843] in North American Network Operators' Group
Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Wed Feb 5 16:26:50 2014
Date: Wed, 5 Feb 2014 16:24:42 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <52F18A5E.8050803@alvarezp.ods.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "Octavio Alvarez" <alvarezp@alvarezp.ods.org>
> Maybe I'm oversimplifying things but I'm really curious to know why
> can't the nearest-to-end-user ACL-enabled router simply have an ACL to
> only allow packets from end-users that have a valid source-address
> from the network segment they provide service to.

The common answer, Octavio, at least *used to* be "our line cards aren't
smart enough to implement strict-unicast-RPF, and our boxes don't have
enough horsepower to handle every packet through the CPU".

As I've noted, I'm not sure I believe that's true of current generation
gear, and if it *is*, then it should cost manufacturers business.

Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
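
An added illustration of the two edge checks discussed in this message, the per-port source ACL and strict unicast RPF (not code from the thread or from any router vendor). The interface names `cust0`, `cust1` and `uplink`, the documentation prefixes and the sample packets are all constructed assumptions.

```python
import ipaddress

# Constructed data: RFC 5737 documentation prefixes, hypothetical interface names.
# Static BCP38 ACL: source prefixes each customer-facing port may send from.
INGRESS_ACL = {
    "cust0": [ipaddress.ip_network("192.0.2.0/25")],
    "cust1": [ipaddress.ip_network("192.0.2.128/25")],
}

# FIB consulted by strict uRPF: prefix -> interface used to reach that prefix.
FIB = {
    ipaddress.ip_network("192.0.2.0/25"): "cust0",
    ipaddress.ip_network("192.0.2.128/25"): "cust1",
    ipaddress.ip_network("0.0.0.0/0"): "uplink",
}

def acl_permits(in_if, src):
    """Static ACL: permit only if src lies inside a prefix assigned to in_if."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in INGRESS_ACL.get(in_if, []))

def fib_lookup(src):
    """Longest-prefix match of src in the FIB; returns an interface or None."""
    addr = ipaddress.ip_address(src)
    matches = [net for net in FIB if addr in net]
    if not matches:
        return None
    return FIB[max(matches, key=lambda n: n.prefixlen)]

def strict_urpf_permits(in_if, src):
    """Strict uRPF: permit only if the best route back to src points out in_if."""
    return fib_lookup(src) == in_if

def filter_packets(packets):
    """Return (in_if, src, acl_verdict, urpf_verdict) for each packet."""
    return [(i, s, acl_permits(i, s), strict_urpf_permits(i, s)) for i, s in packets]

# Constructed sample traffic arriving on customer port cust0.
SAMPLE = [
    ("cust0", "192.0.2.10"),    # inside cust0's own prefix
    ("cust0", "192.0.2.200"),   # address that belongs to cust1's segment
    ("cust0", "198.51.100.7"),  # off-net address, reachable only via the default route
]

if __name__ == "__main__":
    for row in filter_packets(SAMPLE):
        print(row)
```

On a single-homed edge port the two checks give the same verdicts; the ACL needs per-port configuration, while strict uRPF derives the answer from the forwarding table on every packet, which is the per-packet lookup cost the reply refers to.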