2) Using the "ip verifiy unicast reverse-path" Cisco feature
(it's in 11.1CC images when you use CEF, so I don't get a flood
of e-mails)
I'm sure far more people would source filter if Cisco put this
in CPE routers.
> 2) Using the "ip verifiy unicast reverse-path" Cisco feature
> (it's in 11.1CC images when you use CEF, so I don't get a flood
> of e-mails)I'm sure far more people would source filter if Cisco put this
in CPE routers.
This does not mean you can't filter on your fastether,
ether, fddi, etc.. that goes to customer aggregation boxes, or on
the T1 where that connectivity hits your core backbone node, (I
understand there are cases where this would not work, for some
larger customers perhaps), but for most cases, this would be possible.
If i have network topology that provides the following
scenario:
upstream
> 2) Using the "ip verifiy unicast reverse-path" Cisco feature
> (it's in 11.1CC images when you use CEF, so I don't get a flood
> of e-mails)I'm sure far more people would source filter if Cisco put this
in CPE routers.
If I'm not terribly mistaken that'll happen (or has happened,
depending on your view) with 12.0.
Note that in 12.0, Cisco defaults to "no ip directed-broadcast",
a good thing IMHO.
- H�vard