[52721] in North American Network Operators' Group


Re: Who does source address validation? (was Re: what's that

daemon@ATHENA.MIT.EDU (Florian Weimer)
Wed Oct 9 08:20:59 2002

To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Wed, 09 Oct 2002 14:18:34 +0200
In-Reply-To: <Pine.GSO.4.40.0210090753320.15455-100000@clifden.donelan.com> (Sean
 Donelan's message of "Wed, 9 Oct 2002 08:12:55 -0400 (EDT)")
Errors-To: owner-nanog-outgoing@merit.edu


Sean Donelan <sean@donelan.com> writes:

> Whether this is still true, the legend lives on.  A 20% throughput hit
> won't be offset by a 12 to 18 percent bandwidth savings.  Especially on
> heavily loaded circuits.  Some network engineers are reluctant to do any
> type of packet filtering (uRPF or ACL based) because of the belief it will
> hurt performance (latency, throughput, etc).

Some network operators got burned by broken ACL implementations, too.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
