nanog mailing list archives
Re: Request for comment -- BCP38
From: "Jay R. Ashworth" <jra () baylink com>
Date: Sun, 2 Oct 2016 01:25:31 +0000 (UTC)
----- Original Message -----
From: "Laszlo Hanyecz" <laszlo () heliacal net>
If you have links from both ISP A and ISP B and decide to send traffic out ISP A's link sourced from addresses ISP B allocated to you, ISP A *should* drop that traffic on the floor. There is no automated or scalable way for ISP A to distinguish this "legitimate" use from spoofing; unless you consider it scalable for ISP A to maintain thousands if not more "exception" ACLs to uRPF and BCP38 egress filters to cover all of the cases of customers X, Y, and Z sourcing traffic into ISP A's network using IPs allocated to them by other ISPs?This is a legitimate and interesting use case that is broken by BCP38. The effectiveness of BCP38 at reducing abuse is dubious, but the benefits of asymmetric routing are well understood. Why should everyone have to go out of their way to break this.. it works fine if you just don't mess with it.
Let me see if I have your argument straight: In order to enable an "interesting" use case that is used by maybe well under 1% of end nodes not in PI address space, we should decide *not* to do something which makes it much easier to protect attack targets against well over 75% of incoming attacks of ridiculous (>OC-12) bandwidth? Is that what you're advocating? No. Cheers, -- jra -- Jay R. Ashworth Baylink jra () baylink com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Current thread:
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- <Possible follow-ups>
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- Re: Request for comment -- BCP38 Florian Weimer (Oct 02)
- Re: Request for comment -- BCP38 Stephen Satchell (Oct 02)
- Re: Request for comment -- BCP38 Octavio Alvarez (Oct 02)
- Re: Request for comment -- BCP38 Jay Hennigan (Oct 02)