North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Source address validation (was Re: UUNet Offer New Protection

  • From: Paul Vixie
  • Date: Sun Mar 07 17:21:05 2004

[email protected] (Sean Donelan) writes:

> SAV doesn't tell you where the packets came from.  At best SAV tells you
> where the packets didn't come from.

...which is incredibly more valuable than not knowing anything at all.

> You would be wrong.  There are networks that have deployed SAV/uRPF.
> 
> They saw no _net_ savings.
> 
> In the real world, it costs more to deploy and maintain SAV/uRPF.

in the therefore-unreal world i live in, the ability to tell a GWF ("goober
with firewall") that the incident report they sent our noc could not possibly
have come from here, is a net cost savings over having to prove it every time.

> Have you noticed this thread is full of people who don't run large
> networks saying other people who do run networks should deploy SAV/uRPF.

distinguishingly, i do help run a network, and i'm not limiting my accusation
("you guys are slackers") to uPRF-free networks of any particular size ("big").
-- 
Paul Vixie