nanog mailing list archives
Re: BCP38 is hard; let's go shopping!
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Wed, 5 Feb 2014 17:21:42 -0500
On Wed, Feb 5, 2014 at 4:46 PM, Jay Ashworth <jra () baylink com> wrote:
----- Original Message -----From: "joel jaeggli" <joelja () bogus com>As I've noted, I'm not sure I believe that's true of current generation gear, and if it *is*, then it should cost manufacturers business.There are boxes that haven't aged out of the network yet where that's an issue, some are more datacenter-centric than others. force10 e1200 was one platform that had this limitation for example.So making sure manufacturers are producing gear that's BCP38-compliant, and buyers have it on their tick-list, is still a productive goal, too.
but, if it's a datacenter deployment there are mitigations you can perform aside from uRPF... right? you COULD just use a simple acl on the interface: "my local network is..." which you could even automate. you COULD do dhcp-snooping/mac-locking/etc and ensure that the end-host is only using the one address(es) it's permitted to use. (potentially harder to do on some gear) you COULD clamp the outbound path from edge-L3 box -> code with the right acl, since you konw what traffic should come out of the local L3 edge piece. the answer doesn't' have to be uRPF.
Current thread:
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?], (continued)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Octavio Alvarez (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Livingood, Jason (Feb 04)
- RE: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Frank Bulk (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Livingood, Jason (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Christopher Morrow (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Robert Drake (Feb 06)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Jay Ashworth (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] joel jaeggli (Feb 05)
- BCP38 is hard; let's go shopping! Jay Ashworth (Feb 05)
- Re: BCP38 is hard; let's go shopping! joel jaeggli (Feb 05)
- Re: BCP38 is hard; let's go shopping! Christopher Morrow (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Seth Mattinen (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Mark Tinka (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Jay Ashworth (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Mark Tinka (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Jay Ashworth (Feb 05)
- Re: TWC (AS11351) blocking all NTP? William Herrin (Feb 04)
- Re: TWC (AS11351) blocking all NTP? Jared Mauch (Feb 04)
- Re: TWC (AS11351) blocking all NTP? Jay Ashworth (Feb 04)
- Re: TWC (AS11351) blocking all NTP? Michael Smith (Feb 06)
- Re: TWC (AS11351) blocking all NTP? Doug Barton (Feb 04)