True, but no-one is saying the entire network should be done in one fell swoop. Eventually, larger companies WILL have to replace outdated components and when they do they can replace them and at the same time make sure ACLs or uBRF
uRPF even..weird typo
or whatever you use is in place. And before that, you could at least make sure your newer equipment that CAN easily take ACLs is properly configured. Currently most larger companies do neither, always pointing out the cost of doing a huge network-wide upgrade that in actuality no-one is expecting them to do. Even if only a percentage of a large ISP's network (especially xDSL and HFC services) is properly configured, it'll save a lot of grief, cutting maintenance cost for the ISP itself as well as causing fewer headaches for other companies. And over time you just gradually update parts where you're replacing equipment that's at the end of its lifecycle anyway.
Cheers, --
Erik Haagsman Network Architect We Dare BV tel: +31(0)10 7507008 fax:+31(0)10 7507005 http://www.we-dare.nl