I wonder if any of the cisco experts could comment on an idea for removing bogons from the core... Questions: - do folks use cisco's policy routing capabilities on their routers? core routers? - does the use of policy routing significantly affect performance in the core? The thought is that using policy routing capabilities of IOS, it appears possible to separate out traffic matching certain characteristics, including source addresses. If packets with bogus source addresses can be so identified, the policy routing could route these to null0. I don't know how Cisco did their implementation of this feature. It's certainly possible to construct hardware which does source IP address matching in hardware looking for bogons, by the same methods used to do destination address matching (a.k.a. routing table lookups). -- ----------------------------------------------------------------- Daniel Senie dts@senie.com Amaranth Networks Inc. http://www.amaranthnetworks.com