On Oct 2, 2014, at 8:37 AM, Roland Dobbins <rdobbins@arbor.net> wrote:
So, the problem is that those networks which are likely to implement the various topologically-appropriate at the various edges of their network are likely to have done so. And by definition, the endpoint networks where the spoofed traffic originates aren't likely to do so, nor are their immediate peers/upstream transits - or they would've done so long ago.
We have not seen support from other customers of our vendors for these features in RFI/RFP. It has taken us sometimes a year (or more) to get software fixes for uRPF related defects. The network performance can be impacted for all users due to the penalty by turning on uRPF as well, so it’s not even technically viable if you want line-rate from certain hardware sets. (See RFI/RFP). I’ve tried to collect a list of other interested parties to include this in their purchasing process with 0 takers so have put this on the back burner and just kept measuring networks that permit spoofed packets instead. It’s like any other things (e.g.: BGP hygiene), many people don’t invest the time/though/resources to cause the necessary impact. - Jared