Request for comment -- BCP38
Mike Hammett
nanog at ics-il.net
Mon Sep 26 16:15:11 UTC 2016
Are you talking BGP level customers or individual small businesses' broadband service?
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "John Levine" <johnl at iecc.com>
To: nanog at nanog.org
Sent: Monday, September 26, 2016 11:04:33 AM
Subject: Re: Request for comment -- BCP38
>If you have links from both ISP A and ISP B and decide to send traffic out
>ISP A's link sourced from addresses ISP B allocated to you, ISP A *should*
>drop that traffic on the floor. There is no automated or scalable way for
>ISP A to distinguish this "legitimate" use from spoofing; unless you
>consider it scalable for ISP A to maintain thousands if not more
>"exception" ACLs to uRPF and BCP38 egress filters to cover all of the cases
>of customers X, Y, and Z sourcing traffic into ISP A's network using IPs
>allocated to them by other ISPs?
I gather the usual customer response to this is "if you don't want our
$50K/mo, I'm sure we can find another ISP who does."
>From the conversations I've had with ISPs, the inability to manage
legitimate traffic from dual homed customer networks is the most
significant bar to widespread BCP38. I realize there's no way to do
it automatically now, but it doesn't seem like total rocket science to
come up with some way for providers to pass down a signed object to
the customer routers that the routers can then pass back up to the
customer's other providers.
R's,
John
PS: "Illegitimate" is not a synonym for inconvenient, or hard to handle.
More information about the NANOG
mailing list