ietf

Re: Internet SYN Flooding, spoofing attacks

2000-02-17 10:30:01
Phil Karn writes:
By the way, ingress filtering breaks things other than Mobile IP.
Consider the DirecPC service, which gives you a one-way (forward)
satellite channel at 400 kb/s. Your return link is via a local dialup
service provider. If the local ISP (or its upstream provider) does
source filtering, you can't send your perfectly legitimate packets
into the network over that ISP without tunneling them all through
DirecPC's own network connection, which may be on the other side of
the continent.

Filtering does not break my users' DirecPC.

It also does not break their VPN.

It does keep a lot of martian packets off my network, and in several
instances it has blocked spoofed-source-IP DoS attempts by my users.

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 
Gatekeeper, NetHeaven, Saratoga Springs, NY
Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/
GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
    Oldest Internet service based in the Adirondack-Albany region
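
The source-address check both posters are arguing about, as an added example that is not part of either message and is not anyone's actual router configuration. The port names, the prefixes (documentation ranges standing in for real allocations) and the per-port extra permit for a satellite provider's block are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for real allocations.
# Sources that should never arrive from a customer port in this sample network.
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
# Hypothetical prefixes the ISP has assigned to each dialup port.
ASSIGNED = {"dialup-1": [ipaddress.ip_network("192.0.2.16/28")],
            "dialup-2": [ipaddress.ip_network("192.0.2.32/28")]}
# Hypothetical extra permit: a satellite provider's block that one customer
# legitimately uses as a source address on the dialup return path.
EXTRA_PERMITS = {"dialup-2": [ipaddress.ip_network("198.51.100.0/24")]}

def ingress_verdict(port, src):
    """Return (action, reason) for a packet arriving on a customer port."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in MARTIANS):
        return ("drop", "martian")
    if any(addr in net for net in ASSIGNED.get(port, [])):
        return ("permit", "assigned")
    if any(addr in net for net in EXTRA_PERMITS.get(port, [])):
        return ("permit", "extra-permit")
    return ("drop", "spoofed-or-unlisted")

# Constructed packets: (port, source address, what the case represents).
SAMPLES = [
    ("dialup-1", "192.0.2.17",   "customer's own address"),
    ("dialup-1", "10.1.2.3",     "private-range source"),
    ("dialup-1", "203.0.113.9",  "forged third-party source"),
    ("dialup-1", "192.0.2.33",   "another customer's address"),
    ("dialup-1", "198.51.100.7", "satellite source, no permit on this port"),
    ("dialup-2", "198.51.100.7", "satellite source, permit configured"),
]

def run_samples():
    """Evaluate every constructed packet and return the verdicts in order."""
    return [ingress_verdict(port, src) for port, src, _ in SAMPLES]

if __name__ == "__main__":
    for (port, src, label), (action, reason) in zip(SAMPLES, run_samples()):
        print(f"{port:9} {src:15} {action:6} {reason:20} {label}")
```

The fifth and sixth packets are the asymmetric-return case: the same source address is dropped or permitted depending only on whether the filter lists that prefix for the port.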