On 2/5/14, 1:24 PM, Jay Ashworth wrote:
> ----- Original Message -----
>> From: "Octavio Alvarez" <alvar...@alvarezp.ods.org>
>
>> Maybe I'm oversimplifying things but I'm really curious to know why
>> can't the nearest-to-end-user ACL-enabled router simply have an ACL to
>> only allow packets from end-users that have a valid source-address
>> from the network segment they provide service to.
>
> The common answer, Octavio, at least *used to* be "our line cards aren't
> smart enough to implement strict-unicast-RPF, and our boxes don't have
> enough horsepower to handle every packet through the CPU".
>
> As I've noted, I'm not sure I believe that's true of current generation
> gear, and if it *is*, then it should cost manufacturers business.

There are boxes that haven't aged out of the network yet where that's an issue; some are more datacenter-centric than others. The Force10 E1200 was one platform that had this limitation, for example.

> Cheers,
> -- jra
>
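
An added illustration, not part of the thread or any participant's code, of the check under discussion: a static per-port source ACL beside strict unicast RPF, which reaches the same verdict by looking the source address up in the routing table. The FIB, interface names and packets are constructed and use documentation address ranges.

```python
import ipaddress

# Constructed FIB for a hypothetical access router: (prefix, egress interface).
FIB = [
    ("192.0.2.0/25", "cust-a"),
    ("192.0.2.128/25", "cust-b"),
    ("198.51.100.0/24", "cust-b"),
    ("0.0.0.0/0", "uplink"),
]
# Constructed static ingress ACL: sources each customer-facing port may use.
INGRESS_ACL = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25", "198.51.100.0/24"],
}
_FIB = [(ipaddress.ip_network(p), i) for p, i in FIB]

def fib_lookup(addr):
    """Longest-prefix match: the interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(n, i) for n, i in _FIB if ip in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def strict_urpf_accept(src, in_iface):
    """Strict uRPF: accept only if the best route back to src exits in_iface."""
    return fib_lookup(src) == in_iface

def acl_accept(src, in_iface):
    """Static ACL: accept only sources inside the prefixes listed for the port."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in INGRESS_ACL.get(in_iface, []))

def classify(packets):
    """Return (src, iface, ACL verdict, uRPF verdict) for each packet."""
    return [(s, i, acl_accept(s, i), strict_urpf_accept(s, i)) for s, i in packets]

# Constructed sample traffic: (source address, arrival interface).
SAMPLE = [
    ("192.0.2.10", "cust-a"),    # legitimate customer A source
    ("192.0.2.200", "cust-a"),   # customer B's address arriving on A's port
    ("203.0.113.7", "cust-a"),   # address outside any served segment
    ("198.51.100.5", "cust-b"),  # legitimate customer B source
]

if __name__ == "__main__":
    for src, iface, acl_ok, urpf_ok in classify(SAMPLE):
        print(f"{src:15} on {iface}: acl={'permit' if acl_ok else 'drop'} "
              f"urpf={'permit' if urpf_ok else 'drop'}")
```

The ACL has to be maintained per port by hand, while the uRPF verdict follows the routing table; either way the lookup happens on every received packet, which is the per-packet cost the replies attribute to older line cards.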