[168846] in North American Network Operators' Group
Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]
daemon@ATHENA.MIT.EDU (joel jaeggli)
Wed Feb 5 16:43:57 2014
Date: Wed, 05 Feb 2014 13:43:13 -0800
From: joel jaeggli <joelja@bogus.com>
To: Jay Ashworth <jra@baylink.com>, NANOG <nanog@nanog.org>
In-Reply-To: <5822441.7294.1391635482579.JavaMail.root@benjamin.baylink.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--X1JO0lfFDQ59U8M0j2XHFT49ewLd6ghW8
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 2/5/14, 1:24 PM, Jay Ashworth wrote:
> ----- Original Message -----
>> From: "Octavio Alvarez" <alvarezp@alvarezp.ods.org>
>=20
>> Maybe I'm oversimplifying things but I'm really curious to know why
>> can't the nearest-to-end-user ACL-enabled router simply have an ACL to=
>> only allows packets from end-users that has a valid source-address
>> from the network segment they provide service to.
>=20
> The common answer, Octavio, at least *used to* be "our line cards aren'=
t=20
> smart enough to implement strict-unicast-RPF, and our boxes don't have =
> enough horsepower to handle every packet through the CPU".
>=20
> As I've noted, I'm not sure I believe that's true of current generation=
> gear, and if it *is*, then it should cost manufacturers business.
There are boxes that haven't aged out of the network yet where that's an
issue, some are more datacenter-centric than others. force10 e1200 was
one platform that had this limitation for example.
> Cheers,
> -- jra
>=20
--X1JO0lfFDQ59U8M0j2XHFT49ewLd6ghW8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlLysHEACgkQ8AA1q7Z/VrLeegCeLEfDNtlITrjggvOQOdQzBvuF
Gb8An253vwshhQc1E2qTYaQ62Fczn31u
=CSsa
-----END PGP SIGNATURE-----
--X1JO0lfFDQ59U8M0j2XHFT49ewLd6ghW8--
