nanog mailing list archives
Re: Request for comment -- BCP38
From: Mike Hammett <nanog () ics-il net>
Date: Mon, 26 Sep 2016 11:15:11 -0500 (CDT)
Are you talking BGP level customers or individual small businesses' broadband service? ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "John Levine" <johnl () iecc com> To: nanog () nanog org Sent: Monday, September 26, 2016 11:04:33 AM Subject: Re: Request for comment -- BCP38
If you have links from both ISP A and ISP B and decide to send traffic out ISP A's link sourced from addresses ISP B allocated to you, ISP A *should* drop that traffic on the floor. There is no automated or scalable way for ISP A to distinguish this "legitimate" use from spoofing; unless you consider it scalable for ISP A to maintain thousands if not more "exception" ACLs to uRPF and BCP38 egress filters to cover all of the cases of customers X, Y, and Z sourcing traffic into ISP A's network using IPs allocated to them by other ISPs?
I gather the usual customer response to this is "if you don't want our $50K/mo, I'm sure we can find another ISP who does."
From the conversations I've had with ISPs, the inability to manage
legitimate traffic from dual homed customer networks is the most significant bar to widespread BCP38. I realize there's no way to do it automatically now, but it doesn't seem like total rocket science to come up with some way for providers to pass down a signed object to the customer routers that the routers can then pass back up to the customer's other providers. R's, John PS: "Illegitimate" is not a synonym for inconvenient, or hard to handle.
Current thread:
- Re: Request for comment -- BCP38, (continued)
- Re: Request for comment -- BCP38 Florian Weimer (Sep 27)
- Re: Request for comment -- BCP38 Stephen Satchell (Sep 27)
- Re: Request for comment -- BCP38 Florian Weimer (Sep 27)
- Re: Request for comment -- BCP38 Aled Morris (Sep 26)
- Re: Request for comment -- BCP38 John Levine (Sep 26)
- Re: Request for comment -- BCP38 Laszlo Hanyecz (Sep 26)
- Re: Request for comment -- BCP38 Eliot Lear (Sep 26)
- Re: Request for comment -- BCP38 Mark Andrews (Sep 26)
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 John Levine (Sep 26)
- Re: Request for comment -- BCP38 Mike Hammett (Sep 26)
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 Mike Hammett (Sep 26)
- Message not available
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 John R. Levine (Sep 26)
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 Elmar K. Bins (Sep 26)
- Re: Request for comment -- BCP38 Paul Ferguson (Sep 26)
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)