BCP38 adoption "incentives"?

Zbyněk Pospíchal zbynek at dialtelecom.cz
Tue Sep 27 13:07:20 UTC 2016


The implementation of BCP38 over local market strongly increased after
massive DDoS attacks in 2013 affecting major part of the industry thanks
to an initiative of the most important local IXP.

There is a special separate last-resort "island mode" network, which is
intended to be activated in case of really major attacks to keep an
accessibility of (at least) local services for local users.
Implementation of BCP38 is one of the (lot of) requirements.

Positive motivation is definitely better than asking politicians for
regulations. More: https://fe.nix.cz/en/

Regards,
Zbynek




Dne 27.09.16 v 14:46 Mikael Abrahamsson napsal(a):
> On Tue, 27 Sep 2016, Stephen Satchell wrote:
> 
>> You have to make their ignorance SUBTRACT from the bottom line.
> 
> I'd say there is no way to actually achieve this. BCP38 non-compliance
> doesn't hurt the one not in compliance in any significant amount, it
> hurts everybody else.
> 
> The only way I can imagine BCP38 ever happening widely is by means of
> legislation, which of course is really hard because Internet spans
> countries/continents.
> 
> Doing anti-spoofing should be done at the edge, the further up into the
> core you try to do it, the bigger risk you're breaking lots of users'
> connectivity, causing customer complaints.
> re
> In some countries I'm sure BCP38 compliance could be increased by means
> of legislation and fining companies that do not do BCP38 filtering. But
> before we do that, we need to agree that BCP38 compliance is a must. I
> don't think we're there. I have heard people say that if they don't
> allow some of their customers to spoof, they're losing business, because
> some customers have built complete (deployed) solutions that are built
> on the fact that they can spoof packets. These people will have to be
> convinced that they're doing it wrong and re-design their solutions.
> This is going to cost them dearly, so they're going to be upset.
> 
> With all the IoT devices out there, do people even need to spoof anymore?
> 




More information about the NANOG mailing list