nanog mailing list archives
BCP38 For BGP Customers
From: Charles Rumford via NANOG <nanog () nanog org>
Date: Mon, 7 Nov 2022 11:47:54 -0500
Hello -I'm are currently working on getting BCP38 filtering in place for our BGP customers. My current plan is to use the Juniper uRPF feature to filter out spoofed traffic based on the routing table. The mentality would be: "If you don't send us the prefix, then we don't accept the traffic". This has raised some issues amongst our network engineers regarding multi-homed customers.
One of the issues raised was if a multi-homed BGP customer revoked a prefix from one of their peerings, but continued sending us traffic on the link then we would drop the traffic.
I would like to hear what others are doing for BCP38 deployments for BGP customers. Are you taking the stance of "if you don't send us the prefix, then we don't accept the traffic"? Are you putting in some kind of fall back filter in based on something like IRR data?
Thanks! -- Charles Rumford (he/his/him) Network Engineer | Deft 1-312-268-9342 | charlesr () deft com deft.com
Current thread:
- BCP38 For BGP Customers Charles Rumford via NANOG (Nov 07)
- Re: BCP38 For BGP Customers Matt Harris (Nov 07)
- Re: BCP38 For BGP Customers Tom Beecher (Nov 07)
- Re: BCP38 For BGP Customers Jared Mauch (Nov 08)
- Re: BCP38 For BGP Customers Chris Adams (Nov 07)
- Re: BCP38 For BGP Customers William Herrin (Nov 07)
- RE: BCP38 For BGP Customers Tony Wicks (Nov 07)
- Re: BCP38 For BGP Customers William Herrin (Nov 07)
- RE: BCP38 For BGP Customers Tony Wicks (Nov 07)
- Re: BCP38 For BGP Customers Mike Hammett (Nov 07)
- RE: BCP38 For BGP Customers Ryan Hamel (Nov 07)
- RE: BCP38 For BGP Customers Brian Turnbow via NANOG (Nov 08)
(Thread continues...)