Egress filtering against IP spoofing

How widely appli开发者_开发百科ed is anti-IP-spoofing egress filtering?

---

I would say almost every major ISP either uses explicit anti-spoofing ingress filters or unicast reverse path forwarding (uRPF) checks.

uRPF is a router feature that looks up the source-address of each received packet in the routing table. If there isn't a valid route to the source via the same interface that the packet arrived on, the packet is dropped.

On the customer networks, it's hit-or-miss on whether the customer does egress filtering towards the ISP. It's considered a best practice, but ISPs generally don't trust customers to do the right thing. That's why the ISPs almost always do ingress filtering (or uRPF).