----- Original Message -----
> From: "Octavio Alvarez" <alvar...@alvarezp.ods.org>

> Maybe I'm oversimplifying things but I'm really curious to know why
> can't the nearest-to-end-user ACL-enabled router simply have an ACL to
> only allow packets from end-users that have a valid source-address
> from the network segment they provide service to.

The common answer, Octavio, at least *used to* be "our line cards aren't
smart enough to implement strict-unicast-RPF, and our boxes don't have
enough horsepower to handle every packet through the CPU".

As I've noted, I'm not sure I believe that's true of current generation
gear, and if it *is*, then it should cost manufacturers business.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       j...@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
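
The per-interface source ACL asked about in the quoted question and the strict unicast RPF decision named in the reply, side by side, as an added example that is not part of the original message. The FIB, interface names, ACL and packets are constructed for illustration and do not describe any particular vendor's implementation.

```python
import ipaddress

# Constructed FIB for a hypothetical edge router: prefix -> egress interface.
FIB = {
    "192.0.2.0/25": "cust0",
    "192.0.2.128/25": "cust1",
    "198.51.100.0/24": "cust1",
    "0.0.0.0/0": "uplink",
}
# Longest prefixes first, so the first hit is the longest-prefix match.
_ROUTES = sorted(
    ((ipaddress.ip_network(p), ifc) for p, ifc in FIB.items()),
    key=lambda r: r[0].prefixlen, reverse=True,
)

def best_route(addr):
    """Return (network, interface) of the longest matching prefix, or None."""
    ip = ipaddress.ip_address(addr)
    for net, ifc in _ROUTES:
        if ip in net:
            return net, ifc
    return None

def strict_urpf_accept(src, ingress_if):
    """Strict uRPF: the best route back to src must point out the ingress interface."""
    route = best_route(src)
    return route is not None and route[1] == ingress_if

# Constructed static ingress ACL: permitted source prefixes per customer port.
ACL = {"cust0": ["192.0.2.0/25"], "cust1": ["192.0.2.128/25", "198.51.100.0/24"]}

def acl_accept(src, ingress_if, acl=ACL):
    """Static ACL: src must fall inside a prefix listed for the ingress interface."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in acl.get(ingress_if, []))

PACKETS = [  # constructed (source address, ingress interface) pairs
    ("192.0.2.10", "cust0"),    # source belongs to the segment behind cust0
    ("198.51.100.7", "cust0"),  # source belongs to a different customer port
    ("203.0.113.5", "cust0"),   # source only matches the default route
    ("198.51.100.7", "cust1"),  # source belongs to the segment behind cust1
]

def evaluate(packets):
    """Return (src, ingress, urpf_verdict, acl_verdict) for each packet."""
    return [(s, i, strict_urpf_accept(s, i), acl_accept(s, i)) for s, i in packets]

if __name__ == "__main__":
    for row in evaluate(PACKETS):
        print(row)
```

Both checks reach the same verdicts here because the constructed ACL mirrors the FIB; strict uRPF derives the answer from the routing table, while the ACL has to be maintained by hand per port.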