[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Why do ISPs still not do packet source verification in 2010?

Subject: Why do ISPs still not do packet source verification in 2010?
From: nick at foobar.org (Nick Hilliard)
Date: Mon, 20 Dec 2010 18:11:53 +0000
In-reply-to: <[email protected]>
References: <[email protected]>

On 20/12/2010 14:41, William Pitcock wrote:
> [...] but the 6500
> series chassis can do IP-level ACL in hardware.

as regards urpf on the sup720 / rsp720: ipv4, yes; ipv6, no.

BTW, it's worth asking this question when purchasing new equipment: "does 
the equipment support both loose and strict ipv6 urpf in hardware right 
now.  if not, what is the timescale for implementation of each?".

The results are currently not very good.

Vendors: please note that support for ipv6 urpf (both strict and loose) is 
a basic networking requirement these days.

Nick

References:
- Why do ISPs still not do packet source verification in 2010?
  - From: nenolod at systeminplace.net (William Pitcock)

Prev by Date: Some truth about Comcast - WikiLeaks style
Next by Date: Some truth about Comcast - WikiLeaks style
Previous by thread: Why do ISPs still not do packet source verification in 2010?
Next by thread: SDSL circuits in UK?
Index(es):
- Date
- Thread