Wait; all traffic is coming in one interface. The CEF thing will have no effect if the spoofed source address is a real network. However, if it is a completely bogus source address (1.2.3.4 or somesuch), then yes, it does make it a bit easier to filter. On Sat, 25 Apr 1998 Havard.Eidnes@runit.sintef.no wrote:
The other extreme is that, what if you are singly-homed? Then it is useless again.
Why, may I ask? This removes the need to maintain access lists to do the same thing, so I don't see it as entirely useless.
- H�vard
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP! We have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --