BCP38 Deployment

Michael Thomas mike at mtcc.com
Wed Mar 28 16:52:49 UTC 2012


On 03/28/2012 09:16 AM, Leo Bicknell wrote:
> In a message written on Wed, Mar 28, 2012 at 08:45:12AM -0700, David Conrad wrote:
>> An interesting assertion.  I haven't looked at how end-user networks are built recently.  I had assumed there continue to be customer aggregation points within ISP infrastructure in which BCP38-type filtering could occur.  You're saying this is no longer the case?  What has replaced it?
> Well, RFC3704 for one has updated the methods and tactics since BCP38
> was written.  Remember BCP38 was before even "unicast RPF" as we know it
> existed.
>
> I'm not saying ISP's can't or couldn't do it, what I am saying, and
> RFC 3704 is repeating, is that it is cheaper/easier/faster and more
> reliable to do it as close to the edge as possible.  "The edge" is
> not the edge of the ISP network, it is the edge of the entire
> network, that is the /last router in the topology/.  Today that
> last router is owned and operated by the customer in most cases.

Yeahbut, the CPE isn't trusted. It would be _nice_ for customers
to be bcp38 clueful as well, but I don't think it's _required_ for
successful deployment from the ISP's standpoint. Even with a
system like DOCSIS where the CPE is semi-trustworthy from a
provisioning/etc standpoint, I don't think I'd _count_ on them.

In any case, isn't RPF really cheap these days on edge aggregation
routers? It's not like it's a new innovation or anything.


> BCP38 was written when a point to point handoff to a single customer was
> standard, and that's easy to filter.  Today a shared medium (like a
> cable modem network) is common and more importantly connects to more
> routers (home gateways), rather than PC's.  That's a fundamental change
> since BCP38 was written.

DOCSIS was standardized in the mid to late 90's which more or
less predates bcp 38, and it has always been able to handle multiple
endpoints/modem. As I recall, there were specs for cable modem
nics for individual machines, but they never took off.

Mike