North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Source address validation (was Re: UUNet Offer New ProtectionAgainst DDoS)
- From: Steve Francis
- Date: Mon Mar 08 14:49:39 2004
Christopher L. Morrow wrote:
That was exactly what I was doing by saying I will only get service from
ISPs that run loose-uRPF in cores. (or all edges, including peering links.)
2. I've not seen large networks talking about their awfulit melts routers, good enough for you? Specifically it melts linecards :(
experiences with SAV.
my experience is only on Cisco equipment though, so the linecard/ios/rev
games must be played. If you upgrade, or initially install, E3 cards a
large portion of this care is not necessary though. This is a problem that
could be migrated out as new equipment/capabilities hit everyone's
networks. I suspect that market pressure will push things in this
direction anyway over time.
I will not take service from ISP X, who is cheaper than ISP Y, if ISP X
cannot assure me that I will not get bogon sourced traffic on my link.
What you are saying above is not a technical argument against uRPF (as
you grant that there is equipment that will do uRPF at core speeds.) -
its a business one. So I am giving you a business incentive to take to
your managers. "Customers want this service which we cannot deliver w/o
upgrades. Customers will not give us money unless we spend this money,
and they will go to our competitors who have infrastructure that can do
it." If your vendors cannot deliver equipment that meets your
requirements to meet your customers' needs, you need to say the same
thing to your vendors, and vote with dollars for those that can.