Ingress filtering is filtering traffic coming in to your network. How are you supposed to know whether traffic coming from a certain peer actually legitimately originates from that peer?
Egress filtering is filtering traffic that exits your network. It's your network, so you should know with absolute certainty whether it's real - either the source is one of your networks, or it isn't, and if it's not, you drop it.
Please explain how ingress filtering is supposed be the better solution.
We are almost talking about the same thing. But it's better to accomplish this on all your customer links, otherwise they can still spoof within your network.
Read up on bcp38? This is from the first hit on Google:
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
Ingress filtering is filtering traffic coming in to your network. How are you supposed to know whether traffic coming from a certain peer actually legitimately originates from that peer?
Egress filtering is filtering traffic that exits your network. It's your network, so you should know with absolute certainty whether it's real - either the source is one of your networks, or it isn't, and if it's not, you drop it.
Please explain how ingress filtering is supposed be the better solution.