djahandarie at gmail.com
Wed Mar 28 11:39:36 CDT 2012
On Wed, Mar 28, 2012 at 12:16, Leo Bicknell <bicknell at ufp.org> wrote:
> Well, RFC3704 for one has updated the methods and tactics since BCP38
> was written. Remember BCP38 was before even "unicast RPF" as we know it

I think the concern of RFC3704/BCP84, i.e., multihoming, is the
primary reason we don't see ingress filtering as much as we should.
Almost any network worth its salt these days is multihomed, making
strict RPF nearly impossible to pull off. Despite this, to my
knowledge, Juniper is one of the only vendors that provides
feasible-path RPF to deal with it. On Cisco and Brocade for example,
you're stuck doing some dark voodoo magic with BGP weights &
communities + strict RPF (refer to the previous money and laziness
points) to accomplish something that SHOULD be basic.
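
The difference between strict and feasible-path RPF on a multihomed customer, as an added example that is not part of the original message. It is a simplified Python model, not vendor code; the interface names, the RIB contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed RIB on a provider edge router: (prefix, interface, is_best).
# The customer prefix 198.51.100.0/24 is learned over two links; routing
# policy has selected ge-0/0/1 as the best path, ge-0/0/0 is the alternate.
RIB = [
    ("198.51.100.0/24", "ge-0/0/0", False),
    ("198.51.100.0/24", "ge-0/0/1", True),
    ("0.0.0.0/0", "ge-0/0/9", True),
]

def paths_for(src, rib=RIB):
    """Return every known path for the longest prefix that covers src."""
    addr = ipaddress.ip_address(src)
    covering = [(ipaddress.ip_network(p), iface, best)
                for p, iface, best in rib
                if addr in ipaddress.ip_network(p)]
    if not covering:
        return []
    longest = max(net.prefixlen for net, _, _ in covering)
    return [c for c in covering if c[0].prefixlen == longest]

def rpf_accept(src, in_iface, mode, rib=RIB):
    """Decide whether a packet from src arriving on in_iface passes the check.

    strict:   only the best path back to src may point at in_iface.
    feasible: any known path back to src (best or alternate) may.
    """
    paths = paths_for(src, rib)
    if mode == "strict":
        return any(best and iface == in_iface for _, iface, best in paths)
    if mode == "feasible":
        return any(iface == in_iface for _, iface, _ in paths)
    raise ValueError(f"unknown mode: {mode}")

if __name__ == "__main__":
    cases = [
        ("198.51.100.10", "ge-0/0/1"),  # legitimate, arrives on best-path link
        ("198.51.100.10", "ge-0/0/0"),  # legitimate, arrives on alternate link
        ("203.0.113.7", "ge-0/0/0"),    # source the customer has no route for
    ]
    for src, iface in cases:
        print(src, iface,
              "strict:", rpf_accept(src, iface, "strict"),
              "feasible:", rpf_accept(src, iface, "feasible"))
```

The second case is the multihoming problem: strict mode drops legitimate traffic that arrives on the non-best link, while feasible-path mode accepts it and still drops the unrouted source.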