Hi, On Thu, Jul 11, 2002 at 05:39:41PM +0200, Kurt Erik Lindqvist wrote:
We all know that it's a crappy argument, but lots of people try using it. Especially those who have large legacy implementations that either don't have or don't support filters on customer lines.
I agree with you. Still, the common argument is that it's to complex to maintain and to expensive to install.
With more recent vendor software versions, it's nearly always possible to automatically filter single-homed customers ("ip verify unicast reverse" in Cisco speak). It's *easy*, and maintenance effort is zero. For multi-homed customers, you need plain old access-lists, which isn' that easy, but hopefully *they* will do anti-spoofing filters then (assuming a higher clue level for multi-homing customers).
But again, I am sure the cost of dealing with the effects is close to the same amount. But few people realise this.
Tell 'em about it, repeat it again and again... Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 45809 (45931) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299