On 03/28/2013 11:03 AM, Nick Hilliard wrote:
On 28/03/2013 11:01, Mike Jones wrote:
To throw a small data point out there, I have had several server/VPS
providers who all (but one) performed filtering on v4, but nearly all
forgot it with v6 (some have since done it).
As always, beware hardware limitations (i.e. looking at sup720 / rsp720 in
particular). ACLs only for ipv6 urpf on this platform.
And, somewhat annoyingly, that platform also has ACL limitatons
(specifically, you can't have >512 unique ACLs on interfaces, so if you
have >512 interfaces, you're hosed).
I am curious to know if people are using "second best" spoof protections
of having a single big egress ACL at the points leaving their network
containing all expected source addresses, or even if they're doing both.
