Having run said ingress filters at a fairly good sized ISP with several thousand DSL customers It must be said that we are not talking about filters that create outrageous cpu load. What the filters can tell you is how many of your customers have misconfigured Nat, are doing multi-homing on the cheap or are just being naughty. If you do not have the filters you are going to have issue anyway when your dual-homed DSL customer calls with 50% packet loss because their other provider is doing ingress filtering. Point being is that there are pragmatic reasons to filter that are less abstract than the more difficult to grasp netizenship issues, although why folks don't get karma is beyond me :-). Finally, I cannot imagine being the source of a major DDOS and trying to explain why I did not use simple tools to avoid the problem. Nick Guy -----Original Message----- From: David Schwartz [mailto:davids@webmaster.com] Sent: Friday, March 30, 2001 12:10 AM To: nanog@nanog.org Subject: RE: dsl providers that will route /24
Subject: RE: dsl providers that will route /24
That definition, if you really mean it, would make nearly every packet on the Internet spoofed. Sooner or later, pretty much every packet winds up coming into a router with a source not assigned to the customer on the other end of that link.
think edge man, EDGE!