Roland, I'm not asking that source address validation be hardwired. Merely the
default. I don't think any of us want new operators forwarding packets even in
disconnected networks if they don't understand these issues. Let the default
for new routers be s.a.v. and I don't expect much trouble. Leave the default as
is and I'll expect linear trouble with growth. Paul
"Dobbins, Roland" <[email protected]> wrote:
>
>On Oct 26, 2012, at 12:48 AM, paul vixie wrote:
>
>> until cisco makes source address validation the default
>
>Unfortunately, neither Cisco nor any other network infrastructure
>vendor will do this absent some fundamental breakthrough in
>anti-spoofing mechanisms, because there are too many topological
>situations in which the primary existing mechanism (uRPF, ACLs) can
>induce overblocking.
>
>-----------------------------------------------------------------------
>Roland Dobbins <[email protected]> // <http://www.arbornetworks.com>
>
> Luck is the residue of opportunity and design.
>
> -- John Milton
>
>_______________________________________________
>dns-operations mailing list
>[email protected]
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-jobs mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
