On Sat, Jan 18, 2003 at 08:58:13AM -0500, Daniel Senie wrote:
> While it's nice that router vendors implemented unicast RPF to make configuration in some cases easier, using simple ACLs isn't necessarily hard at the edges either.
It might be nice if all router vendors were able to associate the interface configured address(es)/nets as a variable for ingress filters. So, in the Cisco world, a simple example would be:

    interface Serial0
     ip address 192.0.2.1 255.255.255.128
     ip access-group 100 in
    !
    interface Serial1
     ip address 192.0.2.129 255.255.255.128
     ip access-group 100 in
    !
    access-list 100 permit ip $interface-routes any
    access-list 100 deny ip any any

Those sorts of features could make the scaling issue much easier for large providers and environments where routers may have lots of interfaces. An operator could also essentially build tools to automatically configure/verify configurations this way, but I think it would be better for the router vendors to do this for us.

John
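A sketch of the operator-side tooling the message mentions, as an added example that is not part of the original post: it expands the proposed $interface-routes variable into one explicit ingress ACL per interface and lists addressed interfaces with no inbound filter. The function names, the per-interface ACL numbering from 101, and the third interface in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the message's two interfaces plus a hypothetical unfiltered third.
SAMPLE_CONFIG = """\
interface Serial0
 ip address 192.0.2.1 255.255.255.128
 ip access-group 100 in
!
interface Serial1
 ip address 192.0.2.129 255.255.255.128
 ip access-group 100 in
!
interface Ethernet0
 ip address 198.51.100.1 255.255.255.0
 ip address 203.0.113.1 255.255.255.192 secondary
"""

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)(?: secondary)?\s*$")
GROUP_RE = re.compile(r"^\s*ip access-group (\S+) in\s*$")

def parse_interfaces(config):
    """Return {interface: {"nets": [IPv4Network], "acl_in": str or None}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(),
                                            {"nets": [], "acl_in": None})
        elif current is not None and (m := ADDR_RE.match(line)):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            current["nets"].append(iface.network)
        elif current is not None and (m := GROUP_RE.match(line)):
            current["acl_in"] = m.group(1)
        elif not line.startswith(" "):
            current = None  # left the interface stanza
    return interfaces

def expand_ingress_acls(config, first_acl=101):
    """Expand the '$interface-routes' idea into one numbered ACL per interface."""
    acls = {}
    for number, (name, info) in enumerate(parse_interfaces(config).items(), first_acl):
        lines = [f"access-list {number} permit ip {n.network_address} {n.hostmask} any"
                 for n in info["nets"]]
        acls[name] = lines + [f"access-list {number} deny ip any any"]
    return acls

def unfiltered_interfaces(config):
    """Interfaces that have addresses but no inbound access-group."""
    return [n for n, i in parse_interfaces(config).items() if i["nets"] and not i["acl_in"]]
```

Because a single shared ACL cannot carry a different permit per interface, the expansion emits a separate numbered list for each one; the generated lines use wildcard masks derived from the configured netmasks.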