nanog mailing list archives
Re: Request for comment -- BCP38
From: "Jay R. Ashworth" <jra () baylink com>
Date: Sun, 2 Oct 2016 01:27:13 +0000 (UTC)
----- Original Message -----
From: "John Levine" <johnl () iecc com>
If you have links from both ISP A and ISP B and decide to send traffic out ISP A's link sourced from addresses ISP B allocated to you, ISP A *should* drop that traffic on the floor. There is no automated or scalable way for ISP A to distinguish this "legitimate" use from spoofing; unless you consider it scalable for ISP A to maintain thousands if not more "exception" ACLs to uRPF and BCP38 egress filters to cover all of the cases of customers X, Y, and Z sourcing traffic into ISP A's network using IPs allocated to them by other ISPs?I gather the usual customer response to this is "if you don't want our $50K/mo, I'm sure we can find another ISP who does."
Come on, John. Anyone spending 50K a month belongs in PI space with BGP, and they're a big enough customer for the ISPs to both put exception rules in their ingress filters even if they're not. Cheers, -- jra -- Jay R. Ashworth Baylink jra () baylink com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Current thread:
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- <Possible follow-ups>
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- Re: Request for comment -- BCP38 Florian Weimer (Oct 02)
- Re: Request for comment -- BCP38 Stephen Satchell (Oct 02)
- Re: Request for comment -- BCP38 Octavio Alvarez (Oct 02)
- Re: Request for comment -- BCP38 Jay Hennigan (Oct 02)