Re: Government scrutiny is headed our way

["Kent W. England" <kwe () geo net>]

If software from OFRV can do ingress source address checking without
performance penalty on edge devices, it should be included as a default. It
doesn't make sense to me to run around yelling about strange people in your
house if there is technology that can bar entry. Install the lock that is
already there and lock the door.

We just have to get creative about describing the inclusion of the feature,
attendance at a congressional hearing, a demonstration at an industry
conference, and a well written press release about how "we" are doing
something about the problem. IOPS could do this. NANOG's press secretary or
executive director could do this.  :-)

--Kent


From: Jon Lewis <jlewis () inorganic5 fdt net>
> On IOS, aren't packets going through ip access-group filters (that don't
> do logging) fast switched as of some point in 11.2?  If ingress filtering
> no longer has to put a huge burdon on router CPUs, it would be nice to see
> ingress filtering on the routers backbone providers talk to customers
> with ...