an effect of ignoring BCP38

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Sep 11 13:07:35 CDT 2008


On Thu, 11 Sep 2008 10:25:01 PDT, Jo Rhett said:

> I don't agree with this statement.  I hear this a lot, and it's not  
> really true.  Being multihomed doesn't mean that your source addresses  
> are likely to be random.  (or would be valid if they were)
> 
> A significant portion of our customers, and *all* of the biggest  
> paying ones, are multihomed.  And they might have a lot of different  
> ranges, but we know what the ranges are and filter on those.

The problem isn't your customers, it's *their* customers who also multihome
to somebody you peer with at 3 other locations.

AS1312 talks to AS7066, which talks to AS1239, and we talk to AS40220, which
talks to Level3 and AboveNet.  Now - for each of your routers, what interfaces
*can* or *can't* see legitimate packets from us?  Does your answer change if
something at MATP burps and loses its Lambdarail connection?

*That* is the use case that makes it difficult-to-impossible for the 'top 5'
to do anything resembling strict BCP38.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20080911/01d03c94/attachment.bin>


More information about the NANOG mailing list