In your previous mail you wrote:
> => I dislike all firewalls, but this problem is a threat against
> ingress filtering so an ingress filtering solution is better.
I don't think I agree. Ingress filtering was adopted
primarily because it could be done relatively easily
through RPF checks. It's still pretty much an architectural
hack though, and what we are seeing here is another
manifestation of RFP-break-with-assymmetric-routes, IMO.
=> my idea is more ingress filtering by firewalls at the egress points
of a site than ingress filtering based on RPF check inside upstream ISPs
as it seems to be your idea.
Or from another point of view I believe more in a responsability of
behaviors of inside nodes (i.e. using firewalls to protect the Internet
from our users) than in a smart sanity check (RPF ingress filtering).
Bout of course this is IMHO (:-)...
Regards
[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
