Request for comment -- BCP38
Paul Ferguson
fergdawgster at mykolab.com
Mon Sep 26 14:58:39 UTC 2016
> On Sep 26, 2016, at 7:47 AM, Stephen Satchell <list at satchell.net> wrote:
>
> On 09/26/2016 07:11 AM, Paul Ferguson wrote:
>> No -- BCP38 only prescribes filtering outbound to ensure that no
>> packets leave your network with IP source addresses which are not
>> from within your legitimate allocation.
>
> So, to beat that horse to a fare-thee-well, to be BCP38 compliant I need, on every interface sending packets out to the internet, to block any source address matching a subnet in the BOGON list OR not matching any of my routeable network subnets? Plus add null-route entries for all the BOGONs in my routing table so I don't send a bad destination packet to my upstream?
BCP38 only provides for disallowing spoofed packets into the Internet. Any additional filtering against bosons, etc., are probably a good idea, just not including specifically in BCP38.
- ferg
—
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20160926/3259859e/attachment.sig>
More information about the NANOG
mailing list