North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Source address validation (was Re: UUNet Offer New Protection
- From: Paul Vixie
- Date: Sun Mar 07 17:21:05 2004
email@example.com (Sean Donelan) writes:
> SAV doesn't tell you where the packets came from. At best SAV tells you
> where the packets didn't come from.
...which is incredibly more valuable than not knowing anything at all.
> You would be wrong. There are networks that have deployed SAV/uRPF.
> They saw no _net_ savings.
> In the real world, it costs more to deploy and maintain SAV/uRPF.
in the therefore-unreal world i live in, the ability to tell a GWF ("goober
with firewall") that the incident report they sent our noc could not possibly
have come from here, is a net cost savings over having to prove it every time.
> Have you noticed this thread is full of people who don't run large
> networks saying other people who do run networks should deploy SAV/uRPF.
distinguishingly, i do help run a network, and i'm not limiting my accusation
("you guys are slackers") to uPRF-free networks of any particular size ("big").