* Current implementations/how [e.g. uRPF]
- if this doc should also apply to non-routers (like ethernet switches), more filtering capabilities would likely be needed -- like MAC address based filters and sane port security (you can put an interface to learning mode, then turn it to "lock", and those MAC addresses are the only ones allowed -- indefinitely, without timeouts. Just to reduce the typing.)
I think, per discussion in other thread we've concluded that layer 2 filtering not done in practice in large network cores for several possible reasons.
==> 32 bit counters are soooo last millenium. I doubt we'd be getting any equipment which doesn't do 64 bit counters.
I'm convinced.
I'd make it a must.
In this context, we're listing capabilities, not requirements (musts...)
Currently, it isn't clear enough.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings