Re: BCP 38 coverage if top x providers ...

[Laurent Dumont <admin () coldnorthadmin com>]

Wouldn't you want BCP38 policies to be as close as possible to the 
traffic sources? Instead of creating more "fake" traffic?

And at the same time, partial filtering doesn't seem as a very effective 
way to fight spoofed traffic on a large scale.

On 03/24/2017 11:07 AM, Florian Weimer wrote:
> * Jared Mauch:
>
> > > On Nov 19, 2016, at 9:13 PM, Frank Bulk <frnkblk () iname com> wrote:
> > >
> > > My google fu is failing me, but I believe there was a NANOG posting a year
> > > or two ago that mentioned that if the top x providers would
> > > implement BCP 38
> > > then y% of the traffic (or Internet) would be de-spoofed.  The point was
> > > that we don't even need everyone to implement BCP 38, but if the largest
> > > (transit?) providers did it, then UDP reflection attacks could be
> > > minimized.
> > >
> > > If someone can recall the key words in that posting and dig it up, that
> > > would be much appreciated.
> > A double lookup of the packet is twice as expensive and perhaps
> > impractical in some (or many) cases.
> Do you actually have to filter all packets?
>
> Or could you just sample a subset and police the offenders, on the
> assumption that if you don't implement an anti-spoofing policy, you
> end up with near-constant leakage?