nanog mailing list archives

Re: Request for comment -- BCP38

From: Seth Mattinen <sethm () rollernet us>
Date: Mon, 26 Sep 2016 09:01:50 -0700

On 9/26/16 07:47, Stephen Satchell wrote:

On 09/26/2016 07:11 AM, Paul Ferguson wrote:

No -- BCP38 only prescribes filtering outbound to ensure that no
packets leave your network with IP source addresses which are not
from within your legitimate allocation.


So, to beat that horse to a fare-thee-well, to be BCP38 compliant I
need, on every interface sending packets out to the internet, to block
any source address matching a subnet in the BOGON list OR not matching
any of my routeable network subnets?  Plus add null-route entries for
all the BOGONs in my routing table so I don't send a bad destination
packet to my upstream?

I start with customer interfaces and configure them to only allowtraffic with a source address in their assigned subnet.


~Seth

Current thread:

Re: Request for comment -- BCP38, (continued)
- - - Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
    - Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
    - Re: Request for comment -- BCP38 Mike Hammett (Sep 26)
    - Message not available
    - Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
    - Re: Request for comment -- BCP38 John R. Levine (Sep 26)
    - Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
  - Re: Request for comment -- BCP38 Stephen Satchell (Sep 26)
    - Re: Request for comment -- BCP38 Elmar K. Bins (Sep 26)
    - Re: Request for comment -- BCP38 Paul Ferguson (Sep 26)
    - Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
    - Re: Request for comment -- BCP38 Seth Mattinen (Sep 26)