nanog mailing list archives
Re: an effect of ignoring BCP38
From: Jo Rhett <jrhett () netconsonance com>
Date: Thu, 11 Sep 2008 01:07:52 -0700
On Sep 11, 2008, at 12:59 AM, Pekka Savola wrote:
A problem I have with these discussions is that everyone has their own idea what "BCP38" implies. Others say their loose-mode uRPF setups are "BCP38". Others are using strict uRPF or similar (e.g. acls). Some think that Tier1 transit operators should apply one of the options above to their tier2 customers. Others think it should just be applied at the site-edges. Some don't consider spoofing protection at LAN interface level at all, others call that also BCP38. Etc.
Honestly, *anything* is better than most of what's out there, which is *nothing*.
Loose mode URPF is seems (IMHO) pretty much waste of time and is confusing the discussion about real spoofing protection. The added protection compared to ACLs that drop private and possibly bogons is not that big and it causes transient losses when the routing tables are changing.
I disagree. But I will say that if everyone would apply strict mode or ACLs to their end point interfaces, this would likely make most of the loose mode irrelevant.
And your arguments about BGP changes affecting loose mode are only problematic on the busiest peering ports. Loose mode works perfectly fine with zero drops (even on Cisco) on anything smaller than a full feed (ie, that ISP client of yours you do BGP with)
-- Jo RhettNet Consonance : consonant endings by net philanthropy, open source and other randomness
Current thread:
- Re: BCP38 dismissal, (continued)
- Re: BCP38 dismissal Paul Wall (Sep 05)
- Re: BCP38 dismissal Gadi Evron (Sep 04)
- Re: BCP38 dismissal Patrick W. Gilmore (Sep 04)
- Re: BCP38 dismissal Gadi Evron (Sep 04)
- an effect of ignoring BCP38 bmanning (Sep 04)
- Re: an effect of ignoring BCP38 David Sinn (Sep 05)
- Re: an effect of ignoring BCP38 k claffy (Sep 06)
- Re: an effect of ignoring BCP38 Valdis . Kletnieks (Sep 08)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Pekka Savola (Sep 11)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Pekka Savola (Sep 11)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Valdis . Kletnieks (Sep 11)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Pekka Savola (Sep 11)
- Re: an effect of ignoring BCP38 Kevin Oberman (Sep 11)
- Re: an effect of ignoring BCP38 Kevin Oberman (Sep 11)
- Re: an effect of ignoring BCP38 Valdis . Kletnieks (Sep 11)
- Re: an effect of ignoring BCP38 Randy Bush (Sep 07)
- Re: an effect of ignoring BCP38 bmanning (Sep 07)