BCP38 (was: Re: Why won't providers source-filter attacks? Simple.)
John Curran
jcurran at arin.net
Fri Feb 7 20:37:49 UTC 2014
On Feb 5, 2014, at 2:12 AM, Jimmy Hess <mysidia at gmail.com> wrote:
>> On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:
>>> Now if we could get equipement vendors to stop shipping models
>>> without the necessary support it would help but that also may require
>>> government intervention.
>>> ...
>
> A good start would be to get BCP38 revised to router the Host
> requirements RFCs, to indicate that ingress filtering should be
> considered mandatory on site-facing interfaces.
> ...
It's also true that if a sizable group of network operators were to actually
deploy source address validation (thus proving that it really is a reasonable
approach and doesn't carry too much operational or vendor implications),
then it would be quite reasonable for those operators to bring the results
to NANOG and get it recognized as a best current operating practice for
networks of similar design/purpose.
> If the standards documents still just call it a best practice.... what
> hope is there of having governments require it of the service providers
> that their networks are connected to, anyways?
There is a significant difference between a "best current practice" (BCP)
document from the IETF (a technical standards body) versus one which actually
reflects the well-considered best practices of a large network operator forum.
The latter would be of some interest to governments (and groups of governments)
when they ask for any options that might help with their growing spam and DDoS
concerns...
FYI,
/John
More information about the NANOG
mailing list