North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP rate limiting on EGRESS (Warning, operational contentinside)

  • From: Paul Ferguson
  • Date: Mon Jan 17 20:27:20 2000

At 11:26 AM 01/18/2000 +1030, Glen Turner wrote:

> This is the principle reason to encourage everyone to implement
> RFC2267-style filtering. :-/

It would be nice if this shipped "on" by default in a particular
major vendor's products.  This would at least take care of the
clueless majority, and would force all ISPs to address the issue.

It is only the router vendors and routing code authors that can
*force* source address checking throughout the Internet.  Most
users will simply install it during a normal software update.
Well, we don't _force_ anyone to use amything, but we do have
a little knob called "Unicast RPF". I'll leave it to the rest of
the of the readership to discuss it's merits (or perhaps move the
dicussion to the cisco-nsp list instead).


- paul