[c-nsp] DDoS + ME3600/ME3800

Nick Hilliard nick at foobar.org
Thu Mar 28 06:52:53 EDT 2013


On 28/03/2013 08:54, Lukasz Bromirski wrote:
> uRPF is coming, both for IPv4 and IPv6. Unfortunately, it's still
> in the future, not now.

Do you have a timescale for this in the feature roadmap?  I'm aware you can
use ACLs, but implementing these is much more time consuming and prone to
operator error.

This latest round of DDoS attacks is putting operators under a lot of
pressure to implement BCP38 on their networks.  It's relatively
straightforward to do with strict uRPF, but with ACLs, it requires more
planning and work.  This makes it a good deal more difficult to implement,
which is harmful for the common good of the internet.

I'm using ACLs at the moment, but would rip them out in an instant if I could.

Nick


