On 4/1/13, Jay Ashworth <jra@baylink.com> wrote:
It would just be way too much luck and convenience for that to happen by coincidence.
Once in a while, you win.
The trouble with winning by coincidence or winning as a side-effect... Do you keep winning? What happens with IPv6 CPE devices, when there is no NAT? No translation occurs, so possibly rogue source IP packets get through, unless the device specifically applies uRPF or clamping source addresses to the LAN interface subnet. It would be nice if the RFCs specified Ingress filtering by default in router requirements for IPv4 and IPv6, as a MUST requirement; instead of some 2nd class citizen, optional best practices document. By specifying ingress as the default, it then becomes an implementor responsibility to understand when and where in their network they have to override the default for things to work properly, when it is safe to, and where the filtering is required. -- -JH