nanog mailing list archives

Re: BCP38 Deployment

From: Michael Thomas <mike () mtcc com>
Date: Wed, 28 Mar 2012 09:52:49 -0700

On 03/28/2012 09:16 AM, Leo Bicknell wrote:

In a message written on Wed, Mar 28, 2012 at 08:45:12AM -0700, David Conrad wrote:

An interesting assertion.  I haven't looked at how end-user networks are built recently.  I had assumed there continue to be 
customer aggregation points within ISP infrastructure in which BCP38-type filtering could occur.  You're saying this is no 
longer the case?  What has replaced it?

Well, RFC3704 for one has updated the methods and tactics since BCP38
was written.  Remember BCP38 was before even "unicast RPF" as we know it
existed.



I'm not saying ISP's can't or couldn't do it, what I am saying, and
RFC 3704 is repeating, is that it is cheaper/easier/faster and more
reliable to do it as close to the edge as possible.  "The edge" is
not the edge of the ISP network, it is the edge of the entire
network, that is the /last router in the topology/.  Today that
last router is owned and operated by the customer in most cases.


Yeahbut, the CPE isn't trusted. It would be _nice_ for customers
to be bcp38 clueful as well, but I don't think it's _required_ for
successful deployment from the ISP's standpoint. Even with a
system like DOCSIS where the CPE is semi-trustworthy from a
provisioning/etc standpoint, I don't think I'd _count_ on them.

In any case, isn't RPF really cheap these days on edge aggregation
routers? It's not like it's a new innovation or anything.



BCP38 was written when a point to point handoff to a single customer was
standard, and that's easy to filter.  Today a shared medium (like a
cable modem network) is common and more importantly connects to more
routers (home gateways), rathern than PC's.  That's a funamental change
since BCP38 was written.


DOCSIS was standardized in the mid to late 90's which more or
less predates bcp 38, and it has always been able to handle multiple
endpoints/modem. As I recall, there were specs for cable modem
nics for individual machines, but they never took off.

Mike

Current thread:

Re: BCP38 Deployment, (continued)
- - - Re: BCP38 Deployment David Conrad (Mar 28)
    - Re: BCP38 Deployment Bingyang LIU (Mar 28)
    - Re: BCP38 Deployment Ray Soucy (Mar 28)
    - Re: BCP38 Deployment Joe Greco (Mar 28)
    - Re: BCP38 Deployment Leo Bicknell (Mar 28)
    - Re: BCP38 Deployment Darius Jahandarie (Mar 28)
    - Re: BCP38 Deployment David Conrad (Mar 28)
    - Re: BCP38 Deployment Darius Jahandarie (Mar 28)
    - Re: BCP38 Deployment Bingyang LIU (Mar 28)
    - RE: BCP38 Deployment Drew Weaver (Mar 28)
    - Re: BCP38 Deployment Michael Thomas (Mar 28)
    - Re: BCP38 Deployment Leo Bicknell (Mar 28)
    - Re: BCP38 Deployment Michael Thomas (Mar 28)
    - Re: BCP38 Deployment Leo Bicknell (Mar 28)
    - Re: BCP38 Deployment Valdis . Kletnieks (Mar 28)
    - Re: BCP38 Deployment David Conrad (Mar 28)
    - Re: BCP38 Deployment Leo Bicknell (Mar 28)
    - Re: BCP38 Deployment goemon (Mar 28)
    - Re: BCP38 Deployment Bingyang LIU (Mar 28)
    - Re: BCP38 Deployment Eric Brunner-Williams (Mar 28)
    - Re: BCP38 Deployment Bingyang LIU (Mar 28)

(Thread continues...)