[26817] in North American Network Operators' Group
Re: ICMP rate limiting on EGRESS (Warning, operational
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Mon Jan 17 20:27:25 2000
Message-Id: <4.2.2.20000117202108.00a4d110@lint.cisco.com>
Date: Mon, 17 Jan 2000 20:23:43 -0500
To: Glen Turner <glen.turner@aarnet.edu.au>
From: Paul Ferguson <ferguson@cisco.com>
Cc: nanog@merit.edu
In-Reply-To: <3883BA27.E8B018D2@aarnet.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
At 11:26 AM 01/18/2000 +1030, Glen Turner wrote:
> > This is the principle reason to encourage everyone to implement
> > RFC2267-style filtering. :-/
>
>It would be nice if this shipped "on" by default in a particular
>major vendor's products. This would at least take care of the
>clueless majority, and would force all ISPs to address the issue.
>
>It is only the router vendors and routing code authors that can
>*force* source address checking throughout the Internet. Most
>users will simply install it during a normal software update.
Well, we don't _force_ anyone to use amything, but we do have
a little knob called "Unicast RPF". I'll leave it to the rest of
the of the readership to discuss it's merits (or perhaps move the
dicussion to the cisco-nsp list instead).
Cheers,
- paul
