On Thu, 26 Oct 2006, Tony Li wrote: > > > It was possible to implement BCP38 before the router vendors > > came up with uRPF. > > Further, uRPF is frequently a very inefficient means of implementing BCP > 38. Consider that you're going to either compare the source address > against a table of 200,000 routes or against a handful of prefixes that > you've statically configured in an ACL. > > Yes, I realize that the latter approach is more of a managerial hassle, > but for those of you who feel that your silicon is running a tad too > warm, you may wish to consider this as a possible performance > improvement technique. YMMV. > > Your former router vendor, > Tony
Erm, most ISP's I talk to (since I became aware of this not too long ago) believe this is a perfect replacement for BCP38. And yet, spoofing is possible from their space. Gadi.