sean@donelan.com (Sean Donelan) writes:
SAV doesn't tell you where the packets came from. At best SAV tells you where the packets didn't come from.
...which is incredibly more valuable than not knowing anything at all.
You would be wrong. There are networks that have deployed SAV/uRPF.
They saw no _net_ savings.
In the real world, it costs more to deploy and maintain SAV/uRPF.
in the therefore-unreal world i live in, the ability to tell a GWF ("goober with firewall") that the incident report they sent our noc could not possibly have come from here, is a net cost savings over having to prove it every time.
Have you noticed this thread is full of people who don't run large networks saying other people who do run networks should deploy SAV/uRPF.
distinguishingly, i do help run a network, and i'm not limiting my accusation ("you guys are slackers") to uPRF-free networks of any particular size ("big"). -- Paul Vixie