SD> Date: Sun, 7 Mar 2004 16:17:50 -0500 (EST) SD> From: Sean Donelan SD> SAV doesn't tell you where the packets came from. At best SD> SAV tells you where the packets didn't come from. If SAV were universal, source addresses could not be spoofed. If source addresses could not be spoofed... SD> You would be wrong. There are networks that have deployed SD> SAV/uRPF. Some. I said "all". SD> They saw no _net_ savings. SD> SD> In the real world, it costs more to deploy and maintain SD> SAV/uRPF. The benefit is to other networks. When other networks make your life easier, you benefit. If you want others to help you, help them. SD> Have you noticed this thread is full of people who don't run SD> large networks saying other people who do run networks should SD> deploy SAV/uRPF. 1. SAV is most effective at the edge, which often implies the smaller networks should be doing it 2. I've not seen large networks talking about their awful experiences with SAV. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.