BCP38 Deployment

David Conrad drc at virtualized.org
Wed Mar 28 10:45:12 CDT 2012


On Mar 28, 2012, at 8:13 AM, Leo Bicknell wrote:
>> #1) Money.
>> #2) Laziness.

> While Patrick is spot on, there is a third issue which is related
> to money and laziness, but also has some unique aspects.
> BCP38 makes the assumption that the ISP does some "configuration"
> to insure only properly sourced packets enter the network.  That
> may have been true when BCP38 was written, but no longer accurately
> reflects how networks are built and operated.

An interesting assertion.  I haven't looked at how end-user networks are built recently.  I had assumed there continue to be customer aggregation points within ISP infrastructure in which BCP38-type filtering could occur.  You're saying this is no longer the case?  What has replaced it?

> BCP38 needs

> to be applied at the OEM level in equipment maufacturing, not at
> the operational level with ISP's.

I don't believe this is either/or.  I agree that BCP38 features should be turned on by default in CPE, however I believe it really needs to be enforced at the ISP level.

> As long as folks keep beating on (consumer) ISPs to implement BCP38, nothing will happen.


Actually, given the uptick in spoofing-based DoS attacks, the ease in which such attacks can be generated, recent high profile targets of said attacks, and the full-on money pumping freakout about anything with "cyber-" tacked on the front, I suspect a likely outcome will be proposals for legislation forcing ISPs to do something like BCP38. 


More information about the NANOG mailing list