nanog mailing list archives
Re: Why do ISPs still not do packet source verification in 2010?
From: Nick Hilliard <nick () foobar org>
Date: Mon, 20 Dec 2010 18:11:53 +0000
On 20/12/2010 14:41, William Pitcock wrote:
[...] but the 6500 series chassis can do IP-level ACL in hardware.
as regards urpf on the sup720 / rsp720: ipv4, yes; ipv6, no.BTW, it's worth asking this question when purchasing new equipment: "does the equipment support both loose and strict ipv6 urpf in hardware right now. if not, what is the timescale for implementation of each?".
The results are currently not very good.Vendors: please note that support for ipv6 urpf (both strict and loose) is a basic networking requirement these days.
Nick
Current thread:
- Why do ISPs still not do packet source verification in 2010? William Pitcock (Dec 20)
- Re: Why do ISPs still not do packet source verification in 2010? Nick Hilliard (Dec 20)