There are some differences here, depending on the type of router platform you are using.
some cisco routers perform rpf checks in software, some in hardware. same thing applies to acls. if you router supports acls in hardware asics, but software in rpf, you will be better to use acl, since a spoofed DOS could make your router very busy doing rpf checks in software, but will not affect much using if you use acls in hardware. regards mk -----Original Message----- From: McKenzie Family [mailto:[EMAIL PROTECTED] Sent: Sunday, March 23, 2003 3:05 PM To: [EMAIL PROTECTED] Subject: ip verify unicast rpf vs acls on cisco routers? To drop spoofed packets can you just implement "ip verify unicast rpf" on border routers instead of creating a whole bunch of spoofing ACL's? Or should you put both? Regards ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1 ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1
