[93135] in North American Network Operators' Group
RE: register.com down sev0?
daemon@ATHENA.MIT.EDU (Gadi Evron)
Fri Oct 27 08:35:13 2006
Date: Fri, 27 Oct 2006 07:13:06 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: tony.li@tony.li
Cc: "'Daniel Senie'" <dts@senie.com>, nanog@merit.edu
In-Reply-To: <000701c6f992$7b2aecf0$4e05a8c0@tropos.com>
Errors-To: owner-nanog@merit.edu
On Thu, 26 Oct 2006, Tony Li wrote:
>
> > It was possible to implement BCP38 before the router vendors
> > came up with uRPF.
>
> Further, uRPF is frequently a very inefficient means of implementing BCP
> 38. Consider that you're going to either compare the source address
> against a table of 200,000 routes or against a handful of prefixes that
> you've statically configured in an ACL.
>
> Yes, I realize that the latter approach is more of a managerial hassle,
> but for those of you who feel that your silicon is running a tad too
> warm, you may wish to consider this as a possible performance
> improvement technique. YMMV.
>
> Your former router vendor,
> Tony
Erm, most ISP's I talk to (since I became aware of this not too long
ago) believe this is a perfect replacement for BCP38.
And yet, spoofing is possible from their space.
Gadi.
