Given the predominance of Ascend in the marketplace, and their general configuration style, it would be cool to see an option "AllowIpSpoofing=Yes/No" or the like. The boxes already carry routes associated with each interface. If a packet arrives that doesn't have a route to get it back to the interface it came from, it would be dropped. Sure, this may not always be what you want, but in 99% of the cases it would be. Implementation via Radius would permit this to be removed from people you wish to allow to spoof. :)
This won't work on anything with multiple diverse paths. And I don't know many companies with their own WANs that don't have such.
So, yes, the idea is nice but the logic would have to be much more comprehensive than that. And I honestly don't know how you could safely do it, that won't break half the routing topologies out there.
(if you assume multipath OSPF for the IGP... maybe. But that's one hell of an assumption.)
-- Joe Rhett Systems Engineer JRhett@ISite.Net ISite Services
PGP keys and contact information: http://www.navigist.com/Staff/JRhett
True, but there are a lot of small ISPs whom something like this could help. Granted, perhaps you should know enough of filters and routes to run an ISP, but there are those who don't, and their numbers will only increase as the involved equipment and technologies become more accessible to more people, and more PC shops and small businesses decide to become their own ISPs. Josh Beck jbeck@connectnet.com ---------------------------------------------------------------------- CONNECTNet INS, Inc. Phone: (619)450-0254 Fax: (619)450-3216 6370 Lusk Blvd., Suite F-208 San Diego, CA 92121 ----------------------------------------------------------------------