On Jan 15, 2014, at 12:05 AM, Saku Ytti <saku@ytti.fi> wrote:
(We do BCP38 on all ports and verify programmatically, but I know it's not at all practical solution globally for access).
Anti-spoofing is eminently practical for most types of access network topologies using even slightly modern equipment; uRPF, ACLs, cable IP source verify, DHCP Snooping (which works just fine with fixed-address hosts), PACLs/VACLs, et. al. are some of the more prevalent mechanisms available. In point of fact, anti-spoofing is most useful and most practical at the access-network edge, or as close to it as possible. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton